Can ZFS ACLs be used over NFSv3 on host without /etc/group?
Posted by Sandra on Server Fault
Published on 2012-11-16T16:24:35Z
Question at the bottom.
Background
My server setup is shown below, where I have an LDAP host which has a group called group1 that contains user1, user2.
The NAS is FreeBSD 8.3 with ZFS with one zpool and a volume.
serv1 gets /etc/passwd and /etc/group from the LDAP host.
serv2 gets /etc/passwd from the LDAP host and /etc/group is local and read only. Hence it does not know anything about which groups the LDAP has.
Both servers connect to the NAS with NFS 3.
What I would like to achieve
I would like to be able to create/modify groups in LDAP to allow/deny users read/write access to NFS 3 shared directories on the NAS.
Example: group1 should have read/write to /zfs/vol1/project1 and nothing more.
Question
The problem is that serv2 doesn't have an LDAP-controlled /etc/group file.
So the only way I can think of to solve this is to use ZFS permissions with inheritance, but I can't figure out how, or what permissions I should set.
Does someone know if this can be solved at all, and if so, any suggestions?
            +----------------------+
            |         LDAP         |
            | group1: user1, user2 |
            +----------------------+
               |        |        |
               |ldap    |ldap    |ldap
               |        v        |
               |  +-----------+  |
               |  |    NAS    |  |
               |  | /zfs/vol1 |  |
               |  +-----------+  |
               |    ^       ^    |
               |    |nfs3   |nfs3|
               v    |       |    v
+-----------------------+ +----------------------------+
|         serv1         | |           serv2            |
| /etc/passwd from LDAP | | /etc/passwd from LDAP      |
| /etc/group from LDAP  | | /etc/group local/read only |
+-----------------------+ +----------------------------+