Find the answer to your Linux question:
Results 1 to 5 of 5
I want to use NFS shares for the Linux clients in my office. After setting up a NFS server on a server box, I discovered that the documents ( Open ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux Newbie
    Join Date
    Feb 2007
    Location
    USA
    Posts
    221

    Editing "etc/exports" File


    I want to use NFS shares for the Linux clients in my office. After setting up a NFS server on a server box, I discovered that the documents ( Open Office, docs, xls ) in the NFS directory were opening as Read Only on the clients. Users need to edit these files so Read Only is useless. I double checked that the permissions on the files (owner - mike, group - users, 777) gave users access to them however they still were opening as Read Only on the clients. After some research I discovered the etc/exports file.

    /home/mike/mj2008_nfs 192.168.1.*(fsid=0,ro,sync,root_squash)
    /home/mike/data *(fsid=0,ro,sync,root_squash)
    /home/mike/data/mj2008 *(ro,sync,root_squash)
    /home/mike/data/mj2008/MJ2008_Documents/mj2008_office *(ro,sync,root_squash)


    QUESTIONS:

    1. Is it ok for me to change these to Read/Write (rw)?
    2. Why were the directories set up as Read Only (ro)? I set this up via YaST.
    3. Is NFS designed to be Read Only? I wanted to get away from using Samba shares but NFS turned out to be much more difficult to set up,
    4. If it is not recommended to edit the directories to Read/Write, what is recommended for file sharing in a Linux client/server environment where users need to edit/modify files on the server?

    Regards,

    -Mike
    Suse Linux Enterprise Server 11
    Suse Linux Enterprise Server 10 - SP3
    OpenSuse 11.2, KDE 4.3.1

  2. #2
    Linux Engineer Freston's Avatar
    Join Date
    Mar 2007
    Location
    The Netherlands
    Posts
    1,049
    Quote Originally Posted by MikeH30
    1. Is it ok for me to change these to Read/Write (rw)?
    2. Why were the directories set up as Read Only (ro)? I set this up via YaST.
    The thing I can think of is security. You are handing out permission to users to change something on another machine. This is a permission not to be taken lightly. Of course, if all your permissions are checked and found to be sane, then you can give users write access.


    Quote Originally Posted by MikeH30
    3. Is NFS designed to be Read Only? I wanted to get away from using Samba shares but NFS turned out to be much more difficult to set up,
    No it's designed to be a networked filesystem that acts in all respects as though it's a local filesystem. It shouldn't be really hard to set up. Although it's always a bit complicated to get the permissions Just Right when multiple users have access to it from multiple machines.
    But for all intents and purposes, if set up right, the user need never know that ~/shared\ documents is not on his/her local machine. That's quite nice, because users having to keep track of trivial things like on what server their needed documents live is wasted effort. I mean, we have computers to keep track of that, right??
    One thing to mind though, NFS has quite some differences between versions. I take it you use NFSv4?

    Quote Originally Posted by MikeH30
    4. If it is not recommended to edit the directories to Read/Write, what is recommended for file sharing in a Linux client/server environment where users need to edit/modify files on the server?
    I prefer SSHFS myself due to it's focus on security, but then, I wouldn't be able to tell you the difference between NFS and SSHFS in network load which is also a concern.

    Also, more thought needs to go into SSHFS when you introduce flexible workstations into the network. I don't know if this is the case in your setting, so it may not be an issue.


    This:
    owner - mike, group - users, 777
    What happened to Ye Olde 660
    Can't tell an OS by it's GUI

  3. #3
    Linux Newbie
    Join Date
    Feb 2007
    Location
    USA
    Posts
    221
    Thank you Freston for taking the time to answer my questions about NFS!! Now I see why NFS is robust and superior to a windows share.

    Quote Originally Posted by Freston View Post
    But for all intents and purposes, if set up right, the user need never know that ~/shared\ documents is not on his/her local machine. That's quite nice, because users having to keep track of trivial things like on what server their needed documents live is wasted effort. I mean, we have computers to keep track of that, right??
    Making a NFS share appear as a local folder on a users desktop is pretty neat. I remember way back when I was first introduced to network windows shares I thought it was cool to share files over a network but I remember always thinking about which server certain files were located.

    Quote Originally Posted by Freston View Post
    This:
    owner - mike, group - users, 777
    What happened to Ye Olde 660
    I am not sure I get the joke. I am starting to do more with permissions and do not know all of the codes.

    QUESTIONS

    1. After I change the etc/exports NFS directory to Read/Write (rw), will the files still then be restricted by the owner/group and number ( 644, 777, etc) permissions set on them?

    2. Will I have to create a user on my server for every user on the network? Or at least a user for each of the physical clients? Our environment is small - 8 PC's/clients, 1 server, so that will not be a big deal.

    Regards,

    -Mike
    Suse Linux Enterprise Server 11
    Suse Linux Enterprise Server 10 - SP3
    OpenSuse 11.2, KDE 4.3.1

  4. #4
    Linux Engineer Freston's Avatar
    Join Date
    Mar 2007
    Location
    The Netherlands
    Posts
    1,049
    Quote Originally Posted by MikeH30
    Quote Originally Posted by Freston
    This:
    owner - mike, group - users, 777
    What happened to Ye Olde 660
    I am not sure I get the joke. I am starting to do more with permissions and do not know all of the codes.
    Ah, yeah, I wasn't really clear. I don't create files world readable, let alone world executable especially on a share. For most intends 660 (rw-rw---) or even 640 (rw-r-----) is a safer option. Specially on a NFS share where it's quite easy to gain access (permissions allowing). And carefulness is the keeper of the porcelain cabinet

    Quote Originally Posted by MikeH30
    1. After I change the etc/exports NFS directory to Read/Write (rw), will the files still then be restricted by the owner/group and number ( 644, 777, etc) permissions set on them?
    Yup! That's the idea. But I have a question back:
    it used to be that NFS checked for permissions solely based on UID and GID. Hence the importance of rootsquash.

    Example:
    John has UID 1001 on his machine
    Michelle has UID 1001 on her machine
    John puts ~/secretbankaccountinfo in his NFS share, chmoded to 600
    Michelle wants to open this file
    The NSF daemon checks permissions based on UID and finds 1001 to be the correct UID. So Michelle can open Johns file.

    ==> Is this still the case?? (default to YES if unknown)
    Googling a little shows this was still the case in late 2007. So I guess it's something to research before deploying this in a live environment.

    From man exports:
    nfsd bases its access control to files on the server machine on the uid
    and gid provided in each NFS RPC request. The normal behavior a user
    would expect is that she can access her files on the server just as she
    would on a normal file system. This requires that the same uids and
    gids are used on the client and the server machine. This is not always
    true, nor is it always desirable.
    Quote Originally Posted by MikeH30
    2. Will I have to create a user on my server for every user on the network? Or at least a user for each of the physical clients? Our environment is small - 8 PC's/clients, 1 server, so that will not be a big deal.
    As above. It's not necessary, because there are other ways of managing access control. It might be a good idea though. The most important thing seems to be to keep the UID's and GID's consistent.



    Quote Originally Posted by MikeH30
    Making a NFS share appear as a local folder on a users desktop is pretty neat. I remember way back when I was first introduced to network windows shares I thought it was cool to share files over a network but I remember always thinking about which server certain files were located.
    Yeah, and just when you think you know your files are on G:, you log in on a machine with more peripherals and the server name changes to H:[/rant]
    Can't tell an OS by it's GUI

  5. #5
    Linux Newbie
    Join Date
    Feb 2007
    Location
    USA
    Posts
    221
    Thank you again Freston! You have given me a good start into using NFS. This should at least get my users modifying their documents for now. The current work around was keeping Samba. We have a MySQL/PHP web application and users were unable to upload modified documents to the web application from a Samba share. They had to make a copy of the file on their local machine and then upload it to the web application. We use Fire Fox as the browser for our web application and the "browse" button on Fire Fox was unable to see the files in a Samba share. It only sees the local files. This is why I needed to get NSF working. This NFS stuff is pretty slick!

    -Mike
    Suse Linux Enterprise Server 11
    Suse Linux Enterprise Server 10 - SP3
    OpenSuse 11.2, KDE 4.3.1

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •