October 28th, 2015 09:00
Permissions issue on nfs share, exported via isilon
Hi,
I created one NFS export via the GUI and gave the correct directory name, /ifs/new/data.
Clients: 169.138.12.182. Enabled write access on the directory.
Under the Access control column:
Credential mapping: Map all users.
Username: nobody
Group Membership: Don't modify.
Done.
dke2isilon-2# ls -lead /ifs/new/data
drwxr-xr-x 14 portal portal 296 Oct 12 05:20 /ifs/new/data
OWNER: user:26958
GROUP: group:portal
SYNTHETIC ACL
0: user:portal allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
1: group:portal allow dir_gen_read,dir_gen_execute
2: everyone allow dir_gen_read,dir_gen_execute
dke2isilon-2#
Now when the user tries to scp any file on the share, the owner of the file changes to nfsnobody. The owner of the directory is portalp, so the file should also show as being owned by portalp.
[root@dkwlane-01 directory]# ls -l 1321536998220_063675.PDF
-rw-r--r-- 1 nfsnobody portal 7 Oct 28 2015 1321536998220_063675.PDF
Can anybody tell me what's wrong and which setting I have to modify to correct it? Also, I am pretty new to Isilon; can somebody share a CLI cheat sheet, please?


carlilek
October 28th, 2015 09:00
You have mapped all users to nfsnobody. You should only Map root user to nobody (to root squash). Otherwise, the behavior will be exactly what you describe.
Kohli-Dstorageg
October 29th, 2015 02:00
Thanks for the response, carlilek. Can you tell me what I should change in the Access control fields to make it work?
Option 1.
Credential mapping: Map root users.
Username: nobody
Group Membership: Don't modify.
Option 2.
Credential mapping: Map all users.
Username: nobody
Group Membership: Don't modify.
Option 3.
Credential mapping: Map all users.
Username: root
Group Membership: Don't modify.
Option 4.
Credential mapping: Map all users.
Username: portal (the user who is accessing the share)
Group Membership: Don't modify.
carlilek
October 29th, 2015 09:00
Option 1 would be my choice. This allows identity to be consistent between the client and the Isilon, but also keeps root squashed so the user can't simply sudo and be able to delete anything on the server side.
Option 3 would be catastrophically bad, and unless you simply want all users who log in to have their files created as owned by portal, option 4 would not be the correct choice.
I am confused by your reference to scp, which implies a copy via ssh to the Isilon directly, which would bypass nfs entirely. Or am I missing some part of this setup?
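The four credential-mapping options discussed in this thread, modelled as an added example (not code from the thread or from OneFS): it computes which identity each client user ends up with on the export and flags the mappings that remove root squash or per-user ownership. The `Mapping` class, the function names and the sample user `alice` are assumptions for illustration, and users are compared by name here, whereas real NFS requests carry numeric UIDs.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Mapping:
    scope: str     # "root" = map root users only, "all" = map all users
    username: str  # account that mapped users are turned into


def effective_user(client_user, mapping):
    """Identity the export applies to a request made by client_user."""
    if mapping.scope == "all":
        return mapping.username
    if mapping.scope == "root" and client_user == "root":
        return mapping.username
    return client_user  # identity passes through unchanged


def review(mapping, users=("root", "portal", "alice")):
    """Return (resulting identities, findings) for one export mapping."""
    result = {u: effective_user(u, mapping) for u in users}
    findings = []
    if result["root"] == "root":
        findings.append("client root keeps root on the export (no root squash)")
    if any(v == "root" for u, v in result.items() if u != "root"):
        findings.append("non-root users write as root")
    if mapping.scope == "all" and mapping.username != "root":
        findings.append("per-user ownership lost: all files owned by "
                        + mapping.username)
    return result, findings


# The four options from the thread (constructed from the posted settings).
OPTIONS = {
    1: Mapping("root", "nobody"),
    2: Mapping("all", "nobody"),
    3: Mapping("all", "root"),
    4: Mapping("all", "portal"),
}

if __name__ == "__main__":
    for number, mapping in OPTIONS.items():
        result, findings = review(mapping)
        print(f"Option {number}: {result}")
        for finding in findings:
            print(f"  - {finding}")
```
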