mount nfs subdirectory and still apply parent directory permissions
- by Christophe Drevet
A NFS server exports :
/export/home computers
/export/cont1 computers
On the filesystem, there are these permissions :
$ ls -al /export/cont1
drwxr-x--- 6 root group1 4096 2010-05-04 10:57 .
drwxrwxrwx 5 root root 4096 2010-05-07 14:52 ..
drwxrwxrwx 2 root root 4096 2010-05-06 20:33 .snapshot
drwxr-xr-x 2 user1 group1 4096 2010-05-04 10:57 user1
drwxr-xr-x 2 user2 group1 4096 2010-05-04 10:57 user2
drwxr-xr-x 2 user3 group1 4096 2010-05-04 10:57 user3
So that user4, which is in not in the group1 can't access this directory and its subdirectories.
Now, on its client machine, this user can do :
$ sudo mount server:/export/cont1/user3 /mnt/temp
and then access the directory without permissions on /export/cont1 :
$ id
uid=7943(user4) gid=7943(user4) groupes=1189(group4)
$ ls -al /mnt/temp/
drwxr-xr-x 3 user3 group1 4096 2010-05-04 10:57 .
drwxr-xr-x 7 root root 4096 2010-05-04 11:02 ..
-rw-r--r-- 1 user3 group1 6 2010-05-04 10:56 README
Is there a way to apply /export/cont1 permissions even if it is not mounted ?
The goal is to enable users to mount /home/user3 and only access it if they can access /export/cont1 on the nfs server.
Said in another way : how can I allow a machine to mount /export/cont1/user3 and still don't allow user4 to access it.
Maybe NFSv4 and Kerberos can help ?