Ah. That makes perfect sense. What I did, then, was give the user "nobody" read access to /tank/shares/shawn. I could then mount that share on the client. On the client, I created a test file and that file ended up being owned as "shawn". This allows the user nobody to get a directory listing on the share, but that's fine. It locks out my other users from seeing my files. No one should be logging in as nobody.
Thanks for all your help. I really wish this was a bit more well-known and well-documented. Here's what I did:

r...@sully:~# chmod A+user:nobody:read_set:allow /tank/shares/shawn

sh...@shawn-desktop:~$ cd /net/192.168.2.6/tank/shares/shawn
sh...@shawn-desktop:/net/192.168.2.6/tank/shares/shawn$ ls
Android  Documents   Movies   test.c    Texts     Virtualbox
Backup   httpd.conf  Music    test.img  TV Shows  VRDPAuthPAM.so
CDs      ISOs        scripts  test.so   Videos
sh...@shawn-desktop:/net/192.168.2.6/tank/shares/shawn$ touch moo
sh...@shawn-desktop:/net/192.168.2.6/tank/shares/shawn$ ls -lv moo
-rw-r--r--+ 1 shawn staff 0 2010-04-20 10:28 moo

On Tue, Apr 20, 2010 at 10:23 AM, Tom Haynes <[email protected]> wrote:

> On 04/20/10 10:52 AM, lattera wrote:
>
> I tried this example out and I saw my uid finally go across the wire.
>>
>
> What example did you try and how did you try it? How do I get my UID to
> go across the wire?
>
>
> ls -la /net/server/share
>
> which actually can be thought of as:
>
> 1) mount server:/share onto /net/server/share
>
> 2) ls -ls /net/server/share
>
>
> And the "mount" part goes across as root. It isn't the user which is being
> authenticated at this point, it is the machine.
>
> Notice that you had the same issue when you tried to manually mount.
>
> In my testing, my shared directory was not locked down, which meant the
> mount succeeded and then the ls was able to go across with my
> credentials.
>
>
>> I think your ACL is too restrictive - which adding nobody effectively
>> shows.
>>
>
> I'm not sure I agree with that. The share in question is for my (I'm
> Shawn) eyes only. I have multiple users on the system and don't want them to
> access my files. Is there a way to prevent others from accessing my files
> yet have less-restrictive ACLs?
>
>
> I don't do ACLs. :->
>
> Try this, create another share and do not add an ACL. Instead, use chmod(1)
> to set your permissions:
>
>
> [th199...@ultralord ~]> touch shawn
> [th199...@ultralord ~]> ls -la shawn
> -rw-r--r-- 1 th199096 staff 0 Apr 20 11:22 shawn
> [th199...@ultralord ~]> chmod 700 shawn
> [th199...@ultralord ~]> ls -la shawn
> -rwx------ 1 th199096 staff 0 Apr 20 11:22 shawn
> [th199...@ultralord ~]>
>
> Then try to mount it.
>
>
>>
>> The other piece of the puzzle is that root will get mapped to be the anon
>> user id, which is also "nobody".
>>
>
> I was under the impression that autofs would send my UID across the wire...
> Meaning not mapping as nobody. Maybe LDAP is after all the answer here?
>
>
> See above, but the issue isn't where we get your UID, but the UID we use
> during the mount portion.
>

_______________________________________________
nfs-discuss mailing list
[email protected]
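Added example, not part of the original thread and not Solaris code: a small Python model of the two steps discussed above (the automounter mounting as root, which the server maps to "nobody", then the ls going across as the user), checked against an owner-only ACL and against the ACL after chmod A+user:nobody:read_set:allow. The ACLs are constructed (the thread never shows the original one), the user "alice" is hypothetical, and the model assumes the mount step needs read_attributes on the share's top directory.

```python
# Simplified model: NFSv4-style ACEs are walked in order, the first ACE that
# names the requester and the permission decides, and the default is deny.
READ_SET = {"read_data", "read_attributes", "read_xattr", "read_acl"}
FULL_SET = READ_SET | {"write_data", "append_data", "write_attributes", "execute"}
ANON = "nobody"  # identity the server gives client root, as described in the thread


def server_identity(client_user):
    """Client root is mapped to the anonymous user; others keep their identity."""
    return ANON if client_user == "root" else client_user


def allowed(acl, user, perm):
    """acl is a list of (who, permissions, 'allow' or 'deny') entries."""
    for who, perms, kind in acl:
        if who == user and perm in perms:
            return kind == "allow"
    return False


def automount_ls(acl, client_user):
    """The two steps behind `ls /net/server/share`: mount as root, then ls as the user."""
    # Step 1: the automounter mounts as root. Assumption of this model:
    # the mount needs read_attributes on the share's top directory.
    if not allowed(acl, server_identity("root"), "read_attributes"):
        return "mount denied"
    # Step 2: the listing goes across with the user's own credentials.
    if not allowed(acl, server_identity(client_user), "read_data"):
        return "ls denied"
    return "ok"


# Constructed ACLs for the share directory.
owner_only = [("shawn", FULL_SET, "allow")]
# chmod A+user:nobody:read_set:allow prepends this ACE to the existing ACL.
with_nobody = [(ANON, READ_SET, "allow")] + owner_only

if __name__ == "__main__":
    print(automount_ls(owner_only, "shawn"))         # owner is blocked at the mount step
    print(automount_ls(with_nobody, "shawn"))        # mount and ls both succeed
    print(automount_ls(with_nobody, "alice"))        # mounts, but alice cannot list
    print(allowed(with_nobody, ANON, "write_data"))  # nobody can read, not write
```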
