# NFS Questions



## Keith (Mar 28, 2010)

FreeBSD Manual says host can't modify files on the NFS unless -maproot is specified in /etc/exports: "If the -maproot=root flag is not specified, then even if a user has root access on the remote system, he will not be able to modify files on the exported file system."  First of all, this only means the client can't have root permissions on the NFS server.  It's deceptive because if -maproot=root is NOT specified, the root user on the client does have the ability to create and save files on the NFS.  I learned that doing so (being root on the client & writing files to the NFS) I see that the file's owner is 4294967294 and group wheel. (This # is what results when -2 is coerced into a non-signed integer on a 32-bit system). In other words, the root user on a client is given -2 (priority) on the NFS server and not a "0" that the root usually enjoys.  Of course, the user on the client has to SU just to mount the NFS.  Then exit out of the SU and provided the user is named "kat", writing files to the NFS will show a file owned by "kat" instead of it being owned by 4294967294.

As I understand it, the NFS daemon gives access to machines via the /etc/exports file.   So, why isn't there a way to have the client SU and mount an NFS and then return back to a user account without having a simple user be told how to mount an NFS on their laptop?


----------
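Added example, not part of any post in this thread: a small Python model of the uid mapping described in the post above, where client root without -maproot is treated as uid -2 (4294967294 as an unsigned 32-bit value), plus a check that lists exports where client root stays uid 0. The sample exports text, host names and the name-to-uid table are constructed, and the parser assumes one path per line with no continuation lines.

```python
NOBODY = -2 & 0xFFFFFFFF   # -2 as an unsigned 32-bit uid: 4294967294

# Constructed stand-in for the server's passwd database.
USERS = {"root": 0, "kat": 1001}

# Constructed /etc/exports content; paths and host names are made up.
SAMPLE_EXPORTS = """\
# constructed sample
/h        -alldirs gnome laptop1
/usr/src  -maproot=root -network 192.168.1.0 -mask 255.255.255.0
/scratch  -mapall=kat laptop1
/backup   -maproot=0:0 gong
"""

def parse_exports(text):
    """Yield (path, maproot, mapall) for each export line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        opts = dict(f.lstrip("-").split("=", 1)
                    for f in fields[1:] if f.startswith("-") and "=" in f)
        yield fields[0], opts.get("maproot"), opts.get("mapall")

def to_uid(spec):
    """Turn 'user' or 'user:group...' into an unsigned 32-bit uid."""
    user = spec.split(":", 1)[0]
    uid = int(user) if user.lstrip("-").isdigit() else USERS[user]
    return uid & 0xFFFFFFFF

def server_uid(client_uid, maproot=None, mapall=None):
    """uid the server applies to a request sent as client_uid."""
    if mapall is not None:          # every client uid is remapped
        return to_uid(mapall)
    if client_uid == 0:             # root is remapped, to -2 by default
        return to_uid(maproot) if maproot is not None else NOBODY
    return client_uid               # ordinary users pass through

def root_equivalent_exports(text):
    """Paths where root on a client is still uid 0 on the server."""
    return [path for path, maproot, mapall in parse_exports(text)
            if server_uid(0, maproot, mapall) == 0]

if __name__ == "__main__":
    print(server_uid(0), server_uid(1001))
    print(root_equivalent_exports(SAMPLE_EXPORTS))
```
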



## jalla (Mar 28, 2010)

Keith said:

> FreeBSD Manual says host can't modify files on the NFS unless -maproot is specified in /etc/exports: "If the -maproot=root flag is not specified, then even if a user has root access on the remote system, he will not be able to modify files on the exported file system."  First of all, this only means the client can't have root permissions on the NFS server.  It's deceptive because if -maproot=root is NOT specified, the root user on the client does have the ability to create and save files on the NFS.  I learned that doing so (being root on the client & writing files to the NFS) I see that the file's owner is 4294967294 and group wheel. (This # is what results when -2 is coerced into a non-signed integer on a 32-bit system). In other words, the root user on a client is given -2 (priority) on the NFS server and not a "0" that the root usually enjoys.  Of course, the user on the client has to SU just to mount the NFS.  Then exit out of the SU and provided the user is named "kat", writing files to the NFS will show a file owned by "kat" instead of it being owned by 4294967294.
>
> As I understand it, the NFS daemon gives access to machines via the /etc/exports file.   So, why isn't there a way to have the client SU and mount an NFS and then return back to a user account without having a simple user be told how to mount an NFS on their laptop?



[Sorry, I'm not a native English speaker so I may miss your point]

Is there a question in there somewhere?
If it is, I'd say the answer is probably amd(8).


----------



## Keith (Mar 28, 2010)

I'm simply trying to give a user access to their own NFS share without having to explain how to SU and mount /mnt on their laptop.


----------



## jalla (Mar 28, 2010)

Keith said:

> I'm simply trying to give a user access to their own NFS share without having to explain how to SU and mount /mnt on their laptop.



In that case, put the following in /etc/rc.conf:

```
amd_enable="YES"
amd_flags="-a /a -c 150 -l /var/log/amd /net /etc/amd.net"
```

I think amd.net is there by default. If it's not, create /etc/amd.net:

```
/defaults       type:=host;fs:=${autodir}/${rhost}/host;rhost:=${key}
*               opts:=rw,grpid,resvport,vers=3,proto=tcp,nosuid,nodev
```

Reboot (or just start amd with the given options). From there on you can access any available export in your network as "/net/HOST/XXX".
I.e., as my home is in /h/tl on host gong, from host gnome I would do this:


```
gnome:~% cd /net/gong/h/tl
gnome:/net/gong/h/tl% df .
Filesystem    Size    Used   Avail Capacity  Mounted on
gong:/h        19G    5.0G     13G    28%    /a/gong/host/h
```


----------



## Keith (Mar 28, 2010)

"Using amd provides a simple alternative to permanent mounts, as permanent mounts are usually listed in /etc/fstab."  No, this is not an option, as the NFS file system is set to a permanent mount point in fstab.  I'm referring to the necessity to SU and mount /mnt, then to exit, before accessing the files a user owns on an NFS.


----------



## Keith (Mar 28, 2010)

OK.  I'll try it.  Thanks for the suggestion.


----------

