Re: need help: nfsv4 idmap

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Neal Becker wrote:

> I'm wondering if I can use nfsv4 idmap so that I can share files between systems 
> without syncing uids.
> 
> Thing is, I don't want to have to learn kerberos, ldap, etc.
> 
> Is it possible to use idmap functionality without any complicated setup?
> 

One workaround that can be used not involving Kerberos, NIS, LDAP, etc
is setting the hosts files.

If you set up your hosts.allow with machines you want to access the
server e.g:

`portmap: 192.168.0.x , 192.168.0.xx`

& your hosts.deny e.g:

`portmap:ALL
 lockd:ALL
 mountd:ALL
 rquotad:ALL
 statd:ALL`

you can then makes the shares world writable. If that's of major concern
to you, you can add in hosts.deny:

`ALL:ALL` but you may run into problems adding new services.

Portmapper first visits hosts.allow & any entry it finds in there is
allowed access. If it finds nothing corresponding in there, it then
checks hosts.deny & follows the rules set there. So it will accept any
entry you set in hosts.allow & then block all other access making it
secure. Not the Red Hat way one suspects but down & dirty & it works.
Not advisable for forward facing, production machines, etc, etc...

Cheers,

  Phil...

- -- 
currently (ab)using
CentOS 6.2, Debian Squeeze, Fedora Beefy, OS X Snow Leopard, Ubuntu Precise

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: §auto-key-locate cert pka ldap hkp://keys.gnupg.net
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJQE7/yAAoJEKuJdOaOnmMJ4q4H/39h78FBYjGgPT0lNYW6YRfs
e3AYiUjic2G4+QyJfSvdAyjDJXO3meWWtZL2MQ3qCCvsAK0ju5yQbVJAVdSkKcz1
yngMyhBrXg5o5/6hSJBg30fR2UIaBdaj5Q6t1t47auOzqhY0MrrgDC8R1YUE/IuN
yfx/3pUnbg3LThSVZkEPYVDNx22BYfWeEb/VBF0dinTfm3FmMW+DiRZDQ9Hnx+gH
bTkBKpOxt8CW+1S85k9Y1rCySbqCXiH4apecSF4fhPJGK78DaoTeXL/rHUGo87E2
uBFT1FAr2UKwdKlFOoezkiVGZrDaZe79zUU3ag5edHIkrCPTVY0TuUA8Rh8TVR8=
=Z7wn
-----END PGP SIGNATURE-----
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux