On Thu, Nov 18, 2010 at 4:59 AM, Valentijn Sessink <valentyn@xxxxxxxx> wrote:
> Kevin Coffman wrote:
>> Did you see my message about "static" mapping for libnfsidmap?
>
> Yes, but its scope was not immediately clear to me. Also, I couldn't
> find the mapping feature you were mentioning; but my idmapd man page
> comes from the nfs-common sources, while your idmapd.conf example (as
> you explained) comes from libnfsidmap.
>
>> On your server, you can map "host/client.machine@REALM" to root. (Or
>> "nfs/client.machine@REALM" or "root/client.machine@REALM", depending
>> on what key you have on the client.)
>
> OK, now I understand :) As far as I can see, that would mean that anyone
> with root rights on the client (thus being able to read the machine
> keys) would have root rights on the server share, wouldn't it?

Isn't that the equivalent of no_root_squash? (root on the client ==
root on the server)

You are free to map any principal to root on the server. It doesn't
have to be a client's machine credentials.

K.C.
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
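
An added example, not part of the original message or of libnfsidmap: a small audit of the `[Static]` mapping discussed above that lists every principal mapped to root and marks the ones that are client machine credentials (`host/`, `nfs/`, `root/`). The sample configuration, realm and names are constructed, and the `principal = localuser` syntax is assumed to follow idmapd.conf(5).

```python
import configparser

# Constructed sample idmapd.conf; realm, hosts and user names are made up.
SAMPLE_CONF = """\
[Translation]
Method = nsswitch
GSS-Methods = static,nsswitch

[Static]
host/client.machine@REALM = root
backup/admin@REALM = root
alice@REALM = alice
"""

# First components of the principals the thread names as client machine keys.
MACHINE_SERVICES = {"host", "nfs", "root"}


def audit_static_root(conf_text):
    """Return (principal, kind) for every [Static] entry mapped to root.

    kind is "machine" when the principal looks like a keytab credential
    (service/hostname), which anyone with root on that client can use,
    and "other" for any other principal.
    """
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep case: Kerberos realms are case-sensitive
    cp.read_string(conf_text)
    findings = []
    if not cp.has_section("Static"):
        return findings
    for principal, local_user in cp.items("Static"):
        if local_user.strip() != "root":
            continue
        name = principal.split("@", 1)[0]
        service, sep, _host = name.partition("/")
        is_machine = bool(sep) and service in MACHINE_SERVICES
        findings.append((principal, "machine" if is_machine else "other"))
    return findings


if __name__ == "__main__":
    for principal, kind in audit_static_root(SAMPLE_CONF):
        note = "equivalent to no_root_squash for that client" if kind == "machine" else "review"
        print(f"{principal} -> root ({kind}: {note})")
```
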