You're nobody until ...

By Sandra Henry-Stocker

Before we go any further with this, it's good to start with an important caution. Any type of "trust" between root on one server and root on another represents a security risk. If one server trusts another, any type of compromise on the trusted system can be perpetuated on the trusting server. So, we should use a good dose of caution before we modify the normal not-so-trusting nature of a service such as NFS.

If a file system from one file server is mounted on another in such a way that root on the mounting system is given the full authority of root on the server sharing it, then anyone who acquires root access on the mounting system has as much authority over the file system's contents as root on the sharing server. When you really need this type of full control from a number of systems, it's available to you, and it is often a better approach than sharing the file system in such a way that ordinary users have full access to the files.

You can give root on trusted servers full access to file systems they are mounting by sharing those file systems with the root= option as shown here:

share -F nfs -o rw,root=trust1:trust2:trust3 /shared_dir

If you don't provide root trust, root on the systems mounting the shared volume will be treated as the unprivileged "nobody".
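
An added example, not part of the original column: a small sh function that reads share lines in the style shown above and reports every host that a root= option trusts, checked against a list of hosts you expect to hold that trust. The function name, the approved list and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Reads Solaris-style "share" command lines on stdin (the format kept in
# /etc/dfs/dfstab) and prints "<shared path> <host> <OK|UNAPPROVED>" for
# every entry in a root= access list. $1 is a space-separated list of
# hosts that are expected to hold root trust. Entries are compared as
# plain strings; the shared path is taken to be the last word on the line.
audit_root_trust() (
    approved=" $1 "
    set -f                                   # no filename expansion while splitting
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' | while read -r line; do
        set -- $line                         # split the share command into words
        opts="" path=""
        while [ $# -gt 0 ]; do
            if [ "$1" = "-o" ] && [ $# -ge 2 ]; then
                opts="$2"                    # the comma-separated option string
                shift
            fi
            path="$1"                        # the last word seen wins
            shift
        done
        # Pull the value of root= out of the option string.
        root_list=$(printf '%s\n' "$opts" | tr ',' '\n' | sed -n 's/^root=//p')
        for host in $(printf '%s' "$root_list" | tr ':' ' '); do
            case "$approved" in
                *" $host "*) status=OK ;;
                *)           status=UNAPPROVED ;;
            esac
            printf '%s %s %s\n' "$path" "$host" "$status"
        done
    done
)

# Constructed sample input; on a real server, feed the function /etc/dfs/dfstab.
SAMPLE_DFSTAB='# constructed sample share lines
share -F nfs -o rw,root=trust1:trust2:trust3 /shared_dir
share -F nfs -o ro /export/docs
share -F nfs -o rw=boson,root=boson:rogue9 /export/home'

printf '%s\n' "$SAMPLE_DFSTAB" | audit_root_trust "trust1 trust2 trust3 boson"
```

Shares without a root= option produce no output, which matches the default described above: root on their clients is treated as nobody.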

How ownership of files on mounted volumes appears depends on another setting. The last line in the /etc/default/nfs file sets a variable called NFSMAPID_DOMAIN; by default, the domain is taken from your DNS domain. This setting should be the same across the systems sharing file systems. Instead of "#NFSMAPID_DOMAIN=domain", you might have "NFSMAPID_DOMAIN=dynamic". If all of the files in your mounted file systems appear to be owned by nobody/nobody, look into this setting. Instead of this:

boson# ls -l /mnt2
total 2
-rw-r--r--   1 nobody   nobody      2412 Aug 25 19:01 file2
-r--r--r--   1 nobody   nobody       372 Aug 25 19:09 accts

You probably want to see this:

boson# ls -l /mnt2
total 2
-rw-r--r--   1 root     root        2412 Aug 25 19:01 file2
-r--r--r--   1 gizmo    staff        372 Aug 25 19:09 accts

Changes in NFS settings of this sort seem to take a while to propagate, so don't be surprised if you find yourself staring at "nobody nobody", call your coworker to take a look and, by the time s/he appears, see "root root" on your screen.
