# nfs root_squash

## alex.blackbit

Hi,

I export a single directory over nfs on machine a that is mounted as rootfs on machine b.

machine b wants to do some chown calls and the like.

the directory that is exported is in /home/foouser and therefore the exported files are owned by foouser.

to make this work i tried the following line in /etc/exports:

```
/home/foouser/abcd 192.168.233.0/255.255.255.0(rw,async,root_squash,no_subtree_check,anonuid=1000,anongid=1000)
```

where 1000 is the uid and gid of user foouser.

when the filesystem is mounted, the existing files are owned by 1000:1000.

the problem is as follows:

```
# id
uid=0(root) gid=0(root) groups=0(root)
# touch x
# ls -l x
-rw-r--r--    1 1000     1000             0 x
# chown root:root x
chown: x: Operation not permitted
#
```

Shouldn't this work?

Any hints welcome.

Thanks in advance.

EDIT:

it's not an option to use no_root_squashing.

that would make chown work but has the implication that there are files owned by root in the home directory of foouser.

this is not acceptable, all files must be owned by foouser on the nfs server.

what i am searching for is a mapping of root on machine b to foouser on machine a.

----------

## NeddySeagoon

alex.blackbit,

This fails as root is not an anonuid. It's user ID 0 on both boxes, so root_squash applies and root is mapped to nobody.

nobody has no disk access at all, it fails. The idea is to prevent root users on boxes mounting the exported fs from being root on the exporting box.

Any userID that does not exist on the exporting box will be mapped to anonuid, so <random_user> will be able to do what you want but not root.

----------

## alex.blackbit

NeddySeagoon,

thanks for your answer.

Your explanation was very detailed, I got the point.

Are you aware of any solution for my scenario?

on the nfs client it should be possible to have files which are owned by root (uid 0).

these files should be owned by a given other uid on the nfs server.

----------

## NeddySeagoon

alex.blackbit

The problem is that the nfs client does not own its own filesystem. If userIDs (names don't matter) on both systems match, both systems assume the files belong to the same user.

If great care is not taken to maintain the userID to username mapping on both systems, odd results happen. Like user foo appearing to own user bar's files if they swap systems.

I can't think of a clean solution. You could give root a different userID on the client. This will break all those applications that have userID 0 hard coded as root.

You could make a new rootish user on the client with the accesses you need but they would not be able to do userID 0 tasks to the client filesystem as they would also be userID 0 on the host.

That means we come back to no_root_squash.

That's a long-winded way of saying 'No'.

--- edit ---

Well, you can ssh into the host, sudo su - and tinker with the client fs that way.

----------

## alex.blackbit

thanks a lot for your time.

The problem is not solved, but the situation is _very_ clear now.

----------
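As an added example (not part of any post in this thread): a small Python model of how the squash options documented in exports(5) map a client's uid/gid on the server, applied to the option string from the first post. It assumes AUTH_SYS, where the client sends numeric ids, and a simplified chown rule (only uid 0 may change a file's owner); the function names are hypothetical.

```python
# Added example: models exports(5) squash options for AUTH_SYS requests.
ANON_DEFAULT = 65534  # exports(5) default uid/gid for squashed access

def parse_options(optstr):
    """Turn 'rw,root_squash,anonuid=1000' into a dict of option -> value."""
    opts = {}
    for item in optstr.split(","):
        key, _, value = item.strip().partition("=")
        if key:
            opts[key] = value if value else True
    return opts

def server_ids(opts, uid, gid):
    """Return the (uid, gid) the server uses for a client request."""
    anon = (int(opts.get("anonuid", ANON_DEFAULT)),
            int(opts.get("anongid", ANON_DEFAULT)))
    if "all_squash" in opts:
        return anon  # every client id becomes the anonymous account
    root_squash = "no_root_squash" not in opts  # root_squash is the default
    if root_squash:
        return (anon[0] if uid == 0 else uid, anon[1] if gid == 0 else gid)
    return (uid, gid)

def chown_allowed(opts, client_uid, client_gid, file_owner, new_owner):
    """Simplified Linux rule: only uid 0 may give a file to a different uid."""
    uid, _ = server_ids(opts, client_uid, client_gid)
    return uid == 0 or (uid == file_owner and new_owner == file_owner)

# Option string from the /etc/exports line in the first post.
POSTED = "rw,async,root_squash,no_subtree_check,anonuid=1000,anongid=1000"

def demo():
    """Replay the first post: client root creates a file, then chowns it to root."""
    opts = parse_options(POSTED)
    created_as = server_ids(opts, 0, 0)
    return created_as, chown_allowed(opts, 0, 0, created_as[0], 0)

if __name__ == "__main__":
    ids, ok = demo()
    print("client root acts on the server as", ids)
    print("chown root:root permitted:", ok)
```
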

