linux
mayorovp, 2014-08-02 11:23:05

NFS - can passwd sync be avoided?

NFS version 4 has already been released, and one question worries me: is it finally possible to avoid synchronizing the user databases?
The simplest situation: there are two users on the server, pavel (1000) and alexey (1001). On the client they are the same, but in a different order: alexey (1000) and pavel (1001). Is it possible to set up NFS so that everyone can access their own files and not someone else's?

4 answer(s)
Alexey Cheremisin, 2014-08-02
@mayorovp

Of course you can! Deploy LDAP (or RADIUS) and distribute users to the servers and clients through it and PAM. And if you use NFSv4 to the fullest, then you bolt Kerberos on as well.

evnuh, 2014-08-02
@evnuh

And what's the problem, then, with just changing the username and password after synchronization, since the IDs underneath are different?

Denis Khabarov, 2014-08-02
@Saymon21

But what if you change the UID and GID through usermod?

Vasily Angapov, 2014-10-26
@celebrate

Let's start with the fact that *nix systems store information about the owner of a file in inodes, where this information is represented exclusively as numbers: UID and GID. No Pavels and Alekseys are stored in the inode. This holds regardless of the NFS version; it is generally always the case.
Further, people are more accustomed to calling each other by names, not by numbers, so first the /etc/passwd file appeared, and then various services like LDAP, which store which username corresponds to which UID. Unix will still rely only on numbers when determining the owner of a file, but it will also show us the names to make things clearer to us.
Hence the conclusion: if you want to maintain uniform access rights across your infrastructure, you must do it either manually (create users with the same UID and GID on each server) or centrally, using authentication from LDAP, for example. Nothing else.
Well, as the first stage in centralizing user information, you will have to bring the infrastructure to a common denominator once and for all. In large infrastructures this work can be quite dreary, but it is extremely useful. If you are interested in the details, write me a private message and I will help with advice.
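
The following is an added example, not part of any answer in this thread: a small audit that compares two passwd(5) databases and reports which client accounts would be treated as a different owner on the server, assuming the server applies permissions by the numeric UID the client presents. The sample data is constructed from the question's pavel/alexey scenario, and the function names are hypothetical.

```python
"""Audit two passwd(5) databases for UID mismatches before sharing files over NFS."""

# Constructed sample data mirroring the question: same names, swapped UIDs.
SERVER_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
pavel:x:1000:1000::/home/pavel:/bin/bash
alexey:x:1001:1001::/home/alexey:/bin/bash
"""
CLIENT_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alexey:x:1000:1000::/home/alexey:/bin/bash
pavel:x:1001:1001::/home/pavel:/bin/bash
"""


def parse_passwd(text):
    """Return {name: uid} from passwd(5) text (name:passwd:UID:GID:gecos:dir:shell)."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        # Skip comments and malformed entries instead of guessing at them.
        if line.startswith("#") or len(fields) != 7 or not fields[2].isdigit():
            continue
        users[fields[0]] = int(fields[2])
    return users


def audit(server_text, client_text):
    """Return (name, kind, client_uid, owner_on_server) for each inconsistent client user."""
    server = parse_passwd(server_text)
    client = parse_passwd(client_text)
    uid_to_server_name = {uid: name for name, uid in server.items()}
    findings = []
    for name, client_uid in sorted(client.items()):
        server_uid = server.get(name)
        if server_uid is None:
            findings.append((name, "missing-on-server", client_uid, None))
        elif server_uid != client_uid:
            # The client user presents client_uid, which the server
            # resolves to whichever account owns that number there.
            owner = uid_to_server_name.get(client_uid)
            findings.append((name, "uid-mismatch", client_uid, owner))
    return findings


if __name__ == "__main__":
    for name, kind, uid, owner in audit(SERVER_PASSWD, CLIENT_PASSWD):
        print(f"{name}: {kind} (client UID {uid} is {owner!r} on the server)")
```

To audit real hosts, pass the contents of each machine's /etc/passwd (or the output of `getent passwd`) to `audit()` in place of the constructed samples.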
