NFS all_squash option

Hello,
I just configure 2 debian lenny with kernel 2.6.26-2-686-bigmem and try
to export nfs3 dir using all_squash or root_squash option but looks like
squash failed... nothing on log file, no iptables... here the conf

from exports on server :
/home/tt
client(rw,all_squash,anonuid=105,sync,no_wdelay,no _subtree_check)

from fstab on client :
server:/home/tt /home/tt nfs rsize=8192,wsize=8192,hard,intr,noatime 0 0

but on client all the files are still showing a wrong uid...

did I miss something ? ;-)

Thanks
Laurent

laurent wrote:
> Hello,
> I just configure 2 debian lenny with kernel 2.6.26-2-686-bigmem and try
> to export nfs3 dir using all_squash or root_squash option but looks like
> squash failed... nothing on log file, no iptables... here the conf
>
> from exports on server :
> /home/tt client(rw,all_squash,anonuid=105,sync,no_wdelay,no _subtree_check)
>
> from fstab on client :
> server:/home/tt /home/tt nfs rsize=8192,wsize=8192,hard,intr,noatime 0 0
>
> but on client all the files are still showing a wrong uid...
>
> did I miss something ? ;-)

Define "showing wrong uid."

If you mean you do "ls" and can still see the file owners' uids, that's
expected. The squash options don't change the files you're accessing
(server's uids). They only change how you access them (client's uids).

Allen Kistler a écrit :
> laurent wrote:
>> Hello,
>> I just configure 2 debian lenny with kernel 2.6.26-2-686-bigmem and
>> try to export nfs3 dir using all_squash or root_squash option but
>> looks like squash failed... nothing on log file, no iptables... here
>> the conf
>>
>> from exports on server :
>> /home/tt
>> client(rw,all_squash,anonuid=105,sync,no_wdelay,no _subtree_check)
>>
>> from fstab on client :
>> server:/home/tt /home/tt nfs rsize=8192,wsize=8192,hard,intr,noatime 0 0
>>
>> but on client all the files are still showing a wrong uid...
>>
>> did I miss something ? ;-)
>
> Define "showing wrong uid."

hu ? what's that ?

>
> If you mean you do "ls" and can still see the file owners' uids, that's
> expected. The squash options don't change the files you're accessing
> (server's uids). They only change how you access them (client's uids).

well, 'ls' on client doesn't show the new uid

laurent a écrit :
> Allen Kistler a écrit :
>> laurent wrote:
>>> Hello,
>>> I just configure 2 debian lenny with kernel 2.6.26-2-686-bigmem and
>>> try to export nfs3 dir using all_squash or root_squash option but
>>> looks like squash failed... nothing on log file, no iptables... here
>>> the conf
>>>
>>> from exports on server :
>>> /home/tt
>>> client(rw,all_squash,anonuid=105,sync,no_wdelay,no _subtree_check)
>>>
>>> from fstab on client :
>>> server:/home/tt /home/tt nfs rsize=8192,wsize=8192,hard,intr,noatime 0 0
>>>
>>> but on client all the files are still showing a wrong uid...
>>>
>>> did I miss something ? ;-)
>>
>> Define "showing wrong uid."
>
> hu ? what's that ?
>
>>
>> If you mean you do "ls" and can still see the file owners' uids,
>> that's expected. The squash options don't change the files you're
>> accessing (server's uids). They only change how you access them
>> (client's uids).
>
> well, 'ls' on client doesn't show the new uid

Ok, just understand that it acts like a proxy and only change uid and
gid in order to makes all request appearing 'as anonuid' on the server
side and not changing uid on client

thx

laurent wrote:
> Allen Kistler a écrit :
>> laurent wrote:
>>> Hello,
>>> I just configure 2 debian lenny with kernel 2.6.26-2-686-bigmem and
>>> try to export nfs3 dir using all_squash or root_squash option but
>>> looks like squash failed... nothing on log file, no iptables... here
>>> the conf
>>>
>>> from exports on server :
>>> /home/tt
>>> client(rw,all_squash,anonuid=105,sync,no_wdelay,no _subtree_check)
>>>
>>> from fstab on client :
>>> server:/home/tt /home/tt nfs rsize=8192,wsize=8192,hard,intr,noatime 0 0
>>>
>>> but on client all the files are still showing a wrong uid...
>>>
>>> did I miss something ? ;-)
>>
>> Define "showing wrong uid."
>
> hu ? what's that ?
>
>>
>> If you mean you do "ls" and can still see the file owners' uids,
>> that's expected. The squash options don't change the files you're
>> accessing (server's uids). They only change how you access them
>> (client's uids).
>
> well, 'ls' on client doesn't show the new uid

Exactly. It won't.
squash doesn't change the uid of the server resource.
It changes the uid of the client user.

On the server, say "serverfile" is owned by user "sam" with uid 500.
On the server, say uid 105 is user "fred."
On the client, say user "george" is logged in with uid 600.

When george does an "ls" on serverfile, he sees that it's owned by sam.
When george accesses serverfile, he does it as user fred.

squash is all about protecting serverfile, not anonymizing sam.