Discussion:
[EON] sharenfs with maproot option does not work
Ronald Verlaan
2011-06-02 17:55:18 UTC
Permalink
Hi all,

I am trying to set the maproot option but whatever syntax I use I always get an error.

This is what I am trying:
zfs set sharenfs="-maproot=root" tank/download

The error is:
cannot set property for 'tank/download': 'sharenfs' cannot be set to invalid options

What am I doing wrong?

Regards,

Ronald
--
This message posted from opensolaris.org
Andre Lue
2011-06-03 05:21:09 UTC
Permalink
please see
http://download.oracle.com/docs/cd/E19253-01/819-5461/gamnd/index.html
--
This message posted from opensolaris.org
Ronald Verlaan
2011-06-03 09:01:34 UTC
Permalink
Thank you for the links!

Ok, so it seems that the maproot option does not exist. Is there any equivalent or alternative for eon to map root user to root user instead of user nobody?

Regards,

Ronald
--
This message posted from opensolaris.org
Andre Lue
2011-06-03 13:44:31 UTC
Permalink
You are looking to disable "root squashing", root=host

zfs set sharenfs='rw=192.168.1.0/24,root=192.168.1.30/32' tank/download
http://allanfeid.com/content/ultimate-file-server-opensolaris-and-zfs
http://robinbowes.com/article.php/20080411002106299

root is usually squashed by default for security reasons. root user on another machine is mapped to the user nobody when accessing the NFS share. If root were not squashed by default, it would mean that a user that could access the NFS server from a machine that they had root on and would be able to have root access to your NFS share. You can grant root NFS access to specific machines using:
zfs set sharenfs="root=hostname.domain.com:secondhost.domain.com:thirdhost.domain.com" tank/download
or
zfs set sharenfs="root=.subdomain.domain.com" tank/download
which will enable access for the entire subdomain. If you use hostnames, reverse and forward DNS need to be properly setup.
--
This message posted from opensolaris.org
Ronald Verlaan
2011-06-03 15:44:23 UTC
Permalink
Thanks a lot for helping me out again! :-)

I am aware of the security implications, which is not an issue since I am the only user in my home setup.

Regards,

Ronald
--
This message posted from opensolaris.org
Ronald Verlaan
2011-06-04 19:35:14 UTC
Permalink
Unfortunatly its still not working. Setting the no root squash works now, but files written as root on a linux machine are still written as user nobody on EON.

/etc/dfs/sharetab does contain this:
/tank/download - nfs sec=sys,rw,root=192.168.1.0/24

The linux machine has 192.168.1.1 as ts ip address.

Any ideas why the no root squash is not working?

Regards,

Ronald
--
This message posted from opensolaris.org
Ronald Verlaan
2011-06-05 11:56:07 UTC
Permalink
Ok, found it ;-)

It doesn't like the /24 netmask.

I am using now:
zfs set sharenfs='rw,root=192.168.1.1:192.168.1.100' tank/download

to enable root access from two linux workstations.

This is working well :-)

Ronald
--
This message posted from opensolaris.org
Loading...