Network and Storage Protocols

NFS:root option

ashutosh83
10,770 Views

Hi All

I am trying to understand what the purpose of using the root access restriction option is while exporting an NFS share.

As per http://now.netapp.com/NOW/knowledge/docs/ontap/rel701r1_gf/html/ontap/filesag/2nfs3.htm If you specify a host with the root option, the root user on that host keeps the root UID (0) when accessing the resource.

Doesn't the root user have the UID 0?

Regards

Ashutosh

2 REPLIES 2

ashutosh83
10,770 Views
  • By default, the anon option specifies a UID of 65534. That is, if you do not use the root and anon options for a resource, root users on all hosts access the resource using the UID 65534.
  • If the anon option specifies a UID of 65535, root access is disabled.
  • If the anon option specifies a UID of 0, root access is granted to all hosts.
  • If a name is provided instead of a UID, that name is looked up  according to the order specified in the /etc/nsswitch.conf file to  determine the corresponding UID to be assigned by the anon option.

Clarifies it. Is there anything else that I am missing to understand?

rmharwood
10,770 Views

The root option gives the root user on an NFS client full privileges on the export. Otherwise, the root user, as you said effectively gets mapped to a UID corresponding to "nobody", a user that has no special privileges.

You may use it if you want to prevent someone who has root access on a client system from making changes on the filesystem. To be honest, it is not widely used these days.

Richard

Public