I've exported a share from my server and set anonuid and anongid to be 0 (root). However, when I mount the share on the client, it doesn't appear my settings are working as I'm getting permission denied to folders within the share owned by root.
Server CentOS 5.7 / Client CentOS 6.4 using NFS version 3.2.29.
Here is my /etc/exports on SERVER:
/STORAGE 10.0.5.10(rw,sync,no_subtree_check,no_root_squash,anonuid=0,anongid=0)
Basically, when the client (10.0.5.10) connects to the server, I need it to behave as if it were root on the server. Thank you in advance for the help!!
Best Answer
If you want any user on 10.0.5.10 to appear as root you want to do this:
/STORAGE 10.0.5.10(rw,sync,no_subtree_check,all_squash,anonuid=0,anongid=0)
all_squash tells NFS that for any user connecting from 10.0.5.10, ignore their actual UID/GID and instead treat them as if UID=anonuid and GID=anongid. Since you set anonuid=0,anongid=0 that gives all users on 10.0.5.10 root access privileges on /STORAGE, effectively bypassing all security on /STORAGE and leaving it wide open to abuse from anyone appearing to come from the 10.0.5.10 IP address. FWIW, this is a terrible idea from a security point of view.
If you can use NFSv4 on the server, you can enable UID/GID mapping and add a static map to /etc/idmapd.conf on the server, telling it that a specific user on 10.0.5.10 should be given root access on the NFSv4 server. man idmapd.conf for details on setting up the config file. Once the config file is set up on the NFSv4 server, update your export:
/STORAGE 10.0.5.10(rw,sync,no_subtree_check,no_root_squash)
Then you just want to enable mapping, clear the idmap cache, and restart the map service:
If you do that, you're only giving one user root access, not all users.
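A server-side audit for the export options discussed in this thread, as an added example that is not part of the original question or answer: it parses /etc/exports text and reports every client entry that ends up with uid 0 on the share. The sample file is constructed (/STORAGE2, /PUBLIC, /HOME and the extra clients are hypothetical), and the parser assumes per-client option lists, without the `-options` default form.

```python
import re

# Constructed sample /etc/exports; the two option lists for 10.0.5.10 are the
# ones from the question and the answer, everything else is hypothetical.
SAMPLE = """\
# constructed sample
/STORAGE 10.0.5.10(rw,sync,no_subtree_check,no_root_squash,anonuid=0,anongid=0)
/STORAGE2 10.0.5.10(rw,sync,no_subtree_check,all_squash,anonuid=0,anongid=0)
/PUBLIC 10.0.5.0/24(ro,all_squash,anonuid=65534,anongid=65534) \\
        10.0.5.11(rw,anonuid=0)
/HOME 10.0.5.12(rw,sync)
"""

CLIENT = re.compile(r"^([^()]*)(?:\((.*)\))?$")  # host(opt,opt,...)

def parse_options(text):
    """Turn 'rw,anonuid=0' into {'rw': True, 'anonuid': '0'}."""
    opts = {}
    for item in filter(None, (text or "").split(",")):
        key, _, value = item.partition("=")
        opts[key.strip()] = value.strip() or True
    return opts

def root_exposure(opts):
    """Return why this option set grants uid/gid 0, or None if it does not."""
    anon_root = "/".join(k for k in ("anonuid", "anongid") if opts.get(k) == "0")
    if opts.get("all_squash") and anon_root:
        return "every client user is mapped to root (all_squash + %s=0)" % anon_root
    if opts.get("no_root_squash"):
        return "client root keeps uid 0 (no_root_squash)"
    if anon_root:  # default root_squash maps root to the anon id, which is 0 here
        return "root_squash is undone, squashed root maps back to 0 (%s=0)" % anon_root
    return None

def audit_exports(text):
    """Yield (path, client, reason) for each export entry that exposes root."""
    findings = []
    for line in text.replace("\\\n", " ").splitlines():  # join continuations
        fields = line.split("#", 1)[0].split()           # drop comments
        for spec in fields[1:]:
            m = CLIENT.match(spec)
            reason = root_exposure(parse_options(m.group(2))) if m else None
            if reason:
                findings.append((fields[0], m.group(1) or "*", reason))
    return findings

if __name__ == "__main__":
    for path, client, reason in audit_exports(SAMPLE):
        print("%-10s %-14s %s" % (path, client, reason))
```

On a real server, pass the contents of /etc/exports to `audit_exports()` instead of `SAMPLE`.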