Network Storage Protocols Discussions

Highlighted

NFS:root option

Hi All

I am trying to understand what the purpose of using the root access restriction option is while exporting an NFS share.

As per http://now.netapp.com/NOW/knowledge/docs/ontap/rel701r1_gf/html/ontap/filesag/2nfs3.htm If you specify a host with the root option, the root user on that host keeps the root UID (0) when accessing the resource.

Doesn't the root user have the UID 0?

Regards

Ashutosh

2 REPLIES 2
Highlighted

Re: NFS:root option

  • By default, the anon option specifies a UID of 65534. That is, if you do not use the root and anon options for a resource, root users on all hosts access the resource using the UID 65534.
  • If the anon option specifies a UID of 65535, root access is disabled.
  • If the anon option specifies a UID of 0, root access is granted to all hosts.
  • If a name is provided instead of a UID, that name is looked up  according to the order specified in the /etc/nsswitch.conf file to  determine the corresponding UID to be assigned by the anon option.

Clarifies it. Is there anything else that I am missing to understand?

Highlighted

Re: NFS:root option

The root option gives the root user on an NFS client full privileges on the export. Otherwise, the root user, as you said effectively gets mapped to a UID corresponding to "nobody", a user that has no special privileges.

You may use it if you want to prevent someone who has root access on a client system from making changes on the filesystem. To be honest, it is not widely used these days.

Richard

Check out the KB!
Knowledge Base
All Community Forums