Redhat – Restrict user to mount with autofs

autofsredhat

Redhat 4/5

I'm trying to centralize home directories for my users. We're not at the point to implement ldap just yet, but let's say I want all my users' home directories mounted off an NFS server. I got it all working, autofs that is, but I have one minor problem.

If Sally logs in, her home directory is mounted under /export/sally. If she runs ls /export/sam it'll "mount" /export/sam, but she can't read or write to it. It still shows up as a mount point if she runs df -h because she attempted to mount it via autofs. Is there a way to restrict this?

/etc/auto.master

/export /etc/auto.export

/etc/auto.export

*       -fstype=nfs,rw,nosuid,soft nfsserver:/export/&

Best Answer

There is no way to restrict this, because of a few reasons:

  1. It is possible for Sam to have a folder/file that Sally has permissions to access, so Sally accessing Sam's $HOME is not necessarilly an incorrect action.
  2. The system doesn't know what the permissions on the files in the mount are, until the NFS share is mounted.

You could try something like:

$USER servername:path/to/exports/home/&

However, if Sam were logged in while Sally was logged in, Sally would still see /auto/sam.

Related Topic