Mailinglist Archive: opensuse (1445 mails)

< Previous Next >
Re: [opensuse] SAMBA.
On 16/03/12 12:44, Anton Aylward wrote:
Carlos E. R. said the following on 03/16/2012 07:15 AM:
On 2012-03-16 02:18, James Knott wrote:
Carlos E. R. wrote:
On the other hand, Linux native filesystem protocol, NFS, has no passwords
at all, it is completely insecure.
I thought NFS access was via user ID.
Precisely.
And they can be faked.

The drawback of this is different
users could have the same ID on different computers. For example, I could
be user 1000 on my computer and you would be 1000 on yours. An NFS file
server sharing for ID 1000 couldn't tell the difference between me& you.
Absolutely. Users can not be remapped, to my knowledge.
While I count my self fortunate in that I've always been able to ensure
matching user IDs, I thought there was a tool for remapping ...
nfsmapid(4) or rpc.idmapd and idmapd.conf(5)

http://www.dcache.org/manuals/Book-2.1/config/cf-idmap-fhs.shtml
https://wiki.archlinux.org/index.php/NFSv4#ID_mapping

There's probably more too it and there's probably a need to experiment,
but this isn't a "there isn't a way" suituation.

Oh, yes, there will be user IDs that don't map, a user that exists on
one machine and not the other. Such is real life.

Hi

For nfs, the user need (should) only exist at the server end of the connection. If the same user exists on both the client and the server then which set of files does she get and how does she benefit from an nfs mount? The only advantage I could see in that would be if she required two sets of userspace. One for her files on the server and another for her files on the client. You would then mount her server files on a separate mount point on the client so she would have the benefit of both. But surely, the point of nfs is that the client needs only bare bones. The data is mounted on the client. It is as if the user were sitting at the server.

Just thinking out loud:-)

L x
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >