I have an NFSv3 export configured, and a specific host granted "Read Write" access. When I mount this NFS export on the remote client, all permissions automatically become 777 and it is owned by root. I want the NFS filesystem to be owned by another user, and I don't want permissions to be 777 (so not everyone on the remote host has read/write access to it).
I believe I need to add users to the Filer's /etc/passwd and /etc/group with UIDs/GIDs that match those on the remote host first of all. How can I do this? I don't see an option in useradmin to specify UID/GID. Do I need to manually drop to a shell and modify /etc/passwd and /etc/group?
How do I keep the export from forcing 777 on the remote host?
Ok, I think I need to use "nfs4_setfacl" on RHEL (instead of setfacl) to set the ACLs. Do I have to export the filesystem read+write or should I just use an ACL to allow write access? If I export the filesystem as read+write, then every user on the client machine can delete/modify/create new files, regardless of the ACL setting. This is not what I was looking for. I want to use ACLs to restrict which local users on the client machine can modify files on the NFS export.
Ok, got it. So, my testing reveals that I am only able to configure ACLs for users that are on the Filer AND the client. If user "xyz" is a local user on the Linux machine, but not defined in /etc/passwd (or LDAP/NIS) on the Filer, the ACL operation fails. Is this expected?
I did not test for a local user. But I think that if you are using a domain ID (LDAP/NIS), you can set the ACL just for the users in this domain. If you have a local user, you should add it to the domain.
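
The UID/GID matching raised earlier in the thread, and the report that ACL operations fail for users unknown to the Filer, can be checked before touching any ACLs. The following is an added example, not part of any post in this thread: it compares a client passwd file with a Filer passwd file and lists accounts that are missing on the Filer or have different numeric IDs. The function names and both sample files are constructed for illustration, and it assumes both sides use the standard colon-separated passwd layout.

```python
"""Compare client and Filer passwd entries before setting NFS ACLs."""

# Constructed sample: contents of the client's /etc/passwd
CLIENT_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
appuser:x:1001:1001:App:/home/appuser:/bin/bash
xyz:x:1002:1002:Local only:/home/xyz:/bin/bash
backup:x:1003:1003::/home/backup:/bin/bash
"""

# Constructed sample: contents of the Filer's /etc/passwd
FILER_PASSWD = """\
root:x:0:0::/:
appuser:x:1001:1001::/:
backup:x:2003:1003::/:
"""


def parse_passwd(text):
    """Return {username: (uid, gid)}; skip comments and malformed lines."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4 or not (fields[2].isdigit() and fields[3].isdigit()):
            continue
        users[fields[0]] = (int(fields[2]), int(fields[3]))
    return users


def compare(client, filer):
    """Classify every client account against the Filer's view of it."""
    report = {"missing_on_filer": [], "id_mismatch": [], "ok": []}
    for name, ids in sorted(client.items()):
        if name not in filer:
            report["missing_on_filer"].append(name)   # e.g. local-only "xyz"
        elif filer[name] != ids:
            # Same name, different numeric owner as seen by each side
            report["id_mismatch"].append((name, ids, filer[name]))
        else:
            report["ok"].append(name)
    return report


if __name__ == "__main__":
    result = compare(parse_passwd(CLIENT_PASSWD), parse_passwd(FILER_PASSWD))
    for category, entries in result.items():
        print(category, entries)
```
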