Group access on NFS exports.

I have a server that has several directories exported to various PCs
and allows only particular users to access them. However, I need to
have some exported directories that allow group access via NFS.

How is this done? I have created a group and put several users into it
but they still don't get access to the exported directory.

Example from my /etc/exports file:

/Test 192.168.254.1/255.255.255.0 @TestGroup(rw,no_root_squash,async)

The above line should allow anyone from the 'TestGroup' to access the
/Test directory. Correct? It does not even though the test directory
looks like:

drwxrwx--- 2 root TestGroup 4096 May 17 2003 Test/

Can anyone please tell me how to allow NFS access to a group on a
directory while keeping non-group members out?

Thanks.

Suddn <(E-Mail Removed)> wrote:
> I have a server that has several directories exported to various PCs
> and allows only particular users to access them. However, I need to
> have some exported directories that allow group access via NFS.

> How is this done? I have created a group and put several users into it
> but they still don't get access to the exported directory.

You are sure that UID & GID are the same on all clients and the
server for your users?

--
Michael Heiming

Remove +SIGNS and www. if you expect an answer, sorry for
inconvenience, but I get tons of SPAM

On Thu, 01 Jan 2004 01:11:49 +0100, Michael Heiming wrote:

> Suddn <(E-Mail Removed)> wrote:
>> I have a server that has several directories exported to various PCs
>> and allows only particular users to access them. However, I need to
>> have some exported directories that allow group access via NFS.
>
>> How is this done? I have created a group and put several users into it
>> but they still don't get access to the exported directory.
>
> You are sure that UID & GID are the same on all clients and the
> server for your users?

Yes. They are the same.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2003-12-31, Suddn <(E-Mail Removed)> wrote:
>
> Example from my /etc/exports file:
>
> /Test 192.168.254.1/255.255.255.0 @TestGroup(rw,no_root_squash,async)
>
> The above line should allow anyone from the 'TestGroup' to access the
> /Test directory. Correct?

Not at all. @TestGroup is an NIS netgroup, *not* a group listed in
/etc/group. So you've specified no options for 192.168.254.1, and a
bunch of options for a nonexistent netgroup. Things probably won't work
the way you want.

> It does not even though the test directory
> looks like:
>
> drwxrwx--- 2 root TestGroup 4096 May 17 2003 Test/
>
> Can anyone please tell me how to allow NFS access to a group on a
> directory while keeping non-group members out?

Just do this:

/Test 192.168.254.1/255.255.255.0(rw,no_root_squash,async)

Of course, if any of your users has a client's root password, they can
easily get around your restrictions (root_squash or no).

You should probably check the logs at both the client and the server,
and if you still have trouble post the relevant entries; otherwise any
troubleshooting is just mindreading.

- --keith

- --
kkeller-(E-Mail Removed)
(try just my userid to email me)
AOLSFAQ=http://wombat.san-francisco.ca.us/cgi-bin/fom

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/9hwOhVcNCxZ5ID8RAvhvAKCR/+x7a/GGdMDoymMQwwIMH5fWAwCdF8jc
K+8k9MAjVMM9PEmyHpKlC9E=
=pQdZ
-----END PGP SIGNATURE-----

On Fri, 02 Jan 2004 17:34:07 -0800, Keith Keller wrote:

>> directory while keeping non-group members out?
>
> Just do this:
>
> /Test 192.168.254.1/255.255.255.0(rw,no_root_squash,async)
>
> Of course, if any of your users has a client's root password, they can
> easily get around your restrictions (root_squash or no).
>

But this doesn't work. If I change the directories mods to 770 then I
have no access. (owner being root.testgroup) And I being in the
testgroup group.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2004-01-04, Suddn <(E-Mail Removed)> wrote:
>
> But this doesn't work. If I change the directories mods to 770 then I
> have no access. (owner being root.testgroup) And I being in the
> testgroup group.

I suggest you reread my previous post, especially the part where I talk
about logs, error messages, and mindreading. "But this doesn't work" is
useless, as it could mean anything. Be specific about what you have
done (server and client) and what errors you get (cut and paste, not
retyped) and what the logs say (ditto).

- --keith

- --
kkeller-(E-Mail Removed)
(try just my userid to email me)
AOLSFAQ=http://wombat.san-francisco.ca.us/cgi-bin/fom

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/97/XhVcNCxZ5ID8RAkoDAKCcrDh6SX8zRQnZsSvxy6jR6OkUYQCfS DN9
xlOYVY4/LTL/SkeXzhg/x9c=
=ZZ4h
-----END PGP SIGNATURE-----