# nfs permissions

## carpman

Hello, I seem to have a problem with NFS shares. Things were working OK but now I can't seem to write to the share. Looking at the permissions I see

```
user = 1000
group = scanner
```

Is this correct or should it be something else?

mounted with

```
192.168.1.7:/storage                    /home/network_storage           nfs     rw,hard,intr      0 0
```

exported with

```
/storage/ 192.168.1.5(rw,no_subtree_check,async)
```

cheers

----------

## eccerr0r

Not enough information, sure that the permissions of the user (numerically) writing matches the directory/file you're trying to write to?

I think the default is root_squash so root has no access to write to the NFS share.

----------

## Hu

 *eccerr0r wrote:*   

> so root has no access to write to the NFS share.

 

Not necessarily.  Root squash remaps root to the anonymous user.  Traditionally, nobody is the anonymous user.  If nobody can write to the NFS share, then root can write to the NFS share.

----------

## carpman

 *eccerr0r wrote:*   

> Not enough information, sure that the permissions of the user (numerically) writing matches the directory/file you're trying to write to?
> 
> I think the default is root_squash so root has no access to write to the NFS share.

 

Hello, OK, I was able to connect to the NFS server from laptop and workstation. Now the laptop can read but not write, and a new install of the workstation can do neither.

The permissions of folders on the server are set to the same user as on laptop and workstation. The UID on server and laptop have not changed but the workstation may be different!

How can I check the UID on the server and sync these for all machines?

Even better, how can I have it so UIDs do not have to match, which would make more sense, then I could have multiple users connecting to shares?

cheers

----------

## djinnZ

If the numerical id (you can see it in the passwd file) or the user will be different, search on the all_squash option. If you will write as root from a client, the no_root_squash option must be specified.

----------

## carpman

 *djinnZ wrote:*   

> If the numerical id (you can see it in the passwd file) or the user will be different, search on the all_squash option. If you will write as root from a client, the no_root_squash option must be specified.

 

Thanks for the reply. OK, on the server the UID is 1000, on the laptop the same, but on the desktop it is 500, so next question: how can I change the UID on the workstation to match the server?

Yes, I know about no_root_squash and use this for my backup share which must be root, but surely if I have multiple users and need to have them access a share they will have different UIDs, in which case how can they access the NFS share?

cheers

----------

## aronparsons

 *carpman wrote:*   

>  *djinnZ wrote:*   If the numerical id (you can see it in the passwd file) or the user will be different, search on the all_squash option. If you will write as root from a client, the no_root_squash option must be specified.
> 
> Thanks for the reply. OK, on the server the UID is 1000, on the laptop the same, but on the desktop it is 500, so next question: how can I change the UID on the workstation to match the server?
> 
> Yes, I know about no_root_squash and use this for my backup share which must be root, but surely if I have multiple users and need to have them access a share they will have different UIDs, in which case how can they access the NFS share?
> ...

 

The best way to resolve this is to sync up your UIDs and GIDs.  This is as easy as editing /etc/passwd and /etc/group; you'll then need to run chown on the user's home directory and any other files they own since their UID/GID changed.  Typically NFS shares are used with shared user information (e.g. yp or LDAP), so the UID/GID problem is less of a concern.

If multiple users need write permissions, you'll need to define your groups so they have write access.  Something like the setgid bit on the directories (see 'chmod' man page) will force all files created in those directories to be owned by the group, even if the user's default group is something else.  Something else you should look into is ACLs, which can be used in place of the 'setgid' bit or can complement it by providing more granular permissions (and allowing you to deny permissions as well).

----------

## djinnZ

```
/somewhere servername(rw,all_squash,anonuid=1000,anongid=1000)
```

in /etc/exports.

That's all. As reported in man exports. You can't remap user ids for now.

With ACLs and other approaches you can only set default permissions or owner but not translate a specific uid.

It is possible to use inotify (when a new file is created, change the uid to the correct user name) but it is too slow, complicated, insecure and unstable.

The only way is to sync the passwd (not even the shadow, you only need to match the users' numerical ids, not to share the passwords) via NIS for example.

----------
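How the squash options discussed in this thread change the numeric uid/gid the server checks, as an added example that is not part of any post. The helper names, the 65534 anonymous-id fallback, and the directory owner, group and mode used in the demo are assumptions; supplementary groups and ACLs are ignored.

```python
ANON_DEFAULT = 65534  # assumption: usual "nobody" id when anonuid/anongid are unset

def parse_export(line):
    """Parse one /etc/exports line into (path, {client: options})."""
    path, *clients = line.split()
    parsed = {}
    for spec in clients:
        host, _, optstr = spec.rstrip(")").partition("(")
        # exports(5) defaults: read-only, root squashed, other users untouched
        opts = {"rw": False, "root_squash": True, "all_squash": False,
                "anonuid": ANON_DEFAULT, "anongid": ANON_DEFAULT}
        for opt in filter(None, optstr.split(",")):
            if opt in ("rw", "ro"):
                opts["rw"] = opt == "rw"
            elif opt in ("root_squash", "no_root_squash"):
                opts["root_squash"] = opt == "root_squash"
            elif opt in ("all_squash", "no_all_squash"):
                opts["all_squash"] = opt == "all_squash"
            elif opt.startswith(("anonuid=", "anongid=")):
                key, val = opt.split("=", 1)
                opts[key] = int(val)
        parsed[host] = opts  # options not modelled here are ignored
    return path, parsed

def effective_ids(opts, uid, gid):
    """uid/gid the server uses for a request sent with client ids uid/gid."""
    if opts["all_squash"]:
        return opts["anonuid"], opts["anongid"]
    if opts["root_squash"]:
        uid = opts["anonuid"] if uid == 0 else uid
        gid = opts["anongid"] if gid == 0 else gid
    return uid, gid

def can_write(opts, uid, gid, owner_uid, owner_gid, mode):
    """Simplified owner/group/other write check on the exported directory."""
    if not opts["rw"]:
        return False
    euid, egid = effective_ids(opts, uid, gid)
    if euid == 0:  # only reachable with no_root_squash
        return True
    if euid == owner_uid:
        return bool(mode & 0o200)
    if egid == owner_gid:
        return bool(mode & 0o020)
    return bool(mode & 0o002)

if __name__ == "__main__":
    _, exp = parse_export("/storage/ 192.168.1.5(rw,no_subtree_check,async)")
    for uid in (1000, 500, 0):  # laptop user, desktop user, root
        print(uid, can_write(exp["192.168.1.5"], uid, uid, 1000, 1000, 0o755))
```

With the all_squash line from the last post, every client uid is mapped to 1000 before the check, so the desktop's uid 500 passes, and so does every other user on an allowed client.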

