# How do I accomplish this?

## RaceTM

I'm running Gentoo on my desktop and on my server in the house.  Both machines are pretty tightly coupled, the desktop has about a dozen mounts off the server and there are a few going the other way.  Everything has worked pretty well, up until I updated the server to kde 4.

So my problem right now is that there is a certain section of files on the server which I prefer to keep read-only when accessed from my desktop, just to ensure that nothing gets accidentally deleted.  However, I want to be able to access this stuff in read/write mode when I need to, and I want to be able to access this functionality in a convenient way.  Up until the update, what I was doing was running an instance of vncserver as root on the server, and I would just connect to that, open a few file browsers and away I went.   Worked great for me.  But since the update to kde4, vnc is broken and is not usable.  Something about gradients and plasma not working well with vnc. I managed to change the themes and get things better, but it its still not usable.  Menus dont come up properly, colors are really messed up, and after doing some searching I've come to the conclusion that this is a common issue with a lot of the vnc applications and kde4 and its probably not going to be fixed any time  soon.  Fine, not a huge deal.  I can try to find a workaround.

So the next thing I tried, was to have separate mount points for the critical section of the server.  I created a ro mount, and a rw mount.  Because nfs squashes the root account for security reasons (which is fine, I'd rather keep it that way), I created an account to act as a dummy root account, and gave this account ownership of all of the files in the critical section.  My idea was to mount this rw mount when I need to modify some of the files, open a terminal and su to this dummy root account, and open a couple instances of konqueror.  This would give me read/write access temporarily and I could just close those windows when I was done what I needed to do.

Sounded like a greta idea, but unfortunately this doesn't seem to work too well though.  I guess nfs has trouble determining who is trying to access the files because if I try to move a file within these konqueror windows, the file copies but I always get an 'access denied' error, and the source file is not deleted.  If I delete it myself it works fine, its just that the actual move action isn't able to execute properly.

So after gettig all this set up, making sure the UIDs and GIDs for this dummy account were synchronized on both machines, and that the mounts were set up properly, and it ended up not working, I figured maybe I was making things too complicated. So I thought I would post here and see what people thought.  Maybe there's a more elegant solution out there that I haven't considered.

If you made it this far, then thanks for reading...even if you have no advice to contribute  :Very Happy: 

----------

## Hu

Although it mostly works, running any GUI application as root is usually a bad idea.  I find it a bit odd you are concerned enough about accidents that you want the mount to be read-only, but you have no problem running lots of GUI tools with full rights to wreck the system.  :Smile:   Is there any reason you cannot just ssh to the server and su to root, possibly in a screen session, for those occasions when you need privileged access?

----------

## RaceTM

 *Hu wrote:*   

> Is there any reason you cannot just ssh to the server and su to root, possibly in a screen session, for those occasions when you need privileged access?

 

Well the problem is I don't think performance would be very good if I was x-forwarding everything I needed to run.  Bringing the data file back (i.e. a local rw mount) seems to be ok because amarok, vlc, etc are able to seek properly and it's not too bad, but I would think that x-forwarding everything would be pretty brutal, performance-wise.  I will play with it though just in case, maybe it will work better than I expect  :Smile: 

Ideally though I would like to have a full gui, whether it's a vlc-like session or the ability to use my desktop's programs via a local mount.  It's just easier for my purposes.  And since I'm the only one using this read/write mechanism, I'm confident enough not to let the potential pitfalls hold me back.

----------

## Hu

For audio/video, it is indeed better to access those via a network mount than to use X forwarding.  What are you doing that requires write access to a volume on the server, which is also so performance sensitive that it cannot be X forwarded?

----------

## RaceTM

 *Hu wrote:*   

> For audio/video, it is indeed better to access those via a network mount than to use X forwarding.  What are you doing that requires write access to a volume on the server, which is also so performance sensitive that it cannot be X forwarded?

 

I would rather not discuss that on a public forum  :Very Happy:  but suffice it to say if, amarok, vlc, and some sort of file manager (i.e. konqueror) would work properly, I would be more than happy.

So I guess one option, which is a bit sloppy and not ideal, would be to use amarok / vlc via the ro mount, and use konqueror via the x-forwarded root shell.

If anyone stumbles across this and has another suggestion, I would be happy to hear it  :Smile:  Including hearing about any remote desktop clients which work properly with kde4 :/

----------

## Hu

I never suggested using any GUI application via an X-forwarded root shell.  I intended for you to use a root shell such as bash, dash, zsh, etc. on the server, X-forward as you applications which need read-write access, and run read-only capable programs via NFS mount.  It is ugly, but that is the closest I can come to solving the problem with the constraints you have set.

----------

## RaceTM

 *Hu wrote:*   

> I never suggested using any GUI application via an X-forwarded root shell.  I intended for you to use a root shell such as bash, dash, zsh, etc. on the server, X-forward as you applications which need read-write access, and run read-only capable programs via NFS mount.  It is ugly, but that is the closest I can come to solving the problem with the constraints you have set.

 

I do in fact need konqueror with read / write access  :Very Happy: 

That's alright though, its performance is acceptable so that is not an issue.

Thanks for the suggestions Hu, I will try this approach for a while and see if it causes any problems!  Also eliminates the need to run one more service (vnc) on the server, which is nice as well.

----------

