Is it possible to limit the nfs condivision,
so that a certain user from the client
could see only certain directories in the server,
and another one other directories?

Thax
MS

Mauro Sacchetto wrote:

> Is it possible to limit the nfs condivision,
> so that a certain user from the client
> could see only certain directories in the server,
> and another one other directories?

basic unix ownerships and permissions take care of nfs

Dominik L. Borkowski wrote:
> basic unix ownerships and permissions take care of nfs

I don't understand very well... Following your method
is without doubt possible to limit the access to certain dir,
chomod 770 and creating a group, for instance "shares"...
But if I would give to user x the permission to read
dir /a and /b, to user y the permission to read dir /c and /d
and finally to user x the permission to read dir /a and /d?
Is it possible to do that with ownership and permissions?

Thanx
MS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mauro Sacchetto wrote:
> Dominik L. Borkowski wrote:
>
>>basic unix ownerships and permissions take care of nfs
>
>
> I don't understand very well... Following your method
> is without doubt possible to limit the access to certain dir,
> chomod 770 and creating a group, for instance "shares"...
> But if I would give to user x the permission to read
> dir /a and /b, to user y the permission to read dir /c and /d
> and finally to user x the permission to read dir /a and /d?
> Is it possible to do that with ownership and permissions?
>
> Thanx
> MS

Hi

For such cases, you have to create groups, I'd say one for each folder,
assign each group to a folder, giving it read and execute access (maybe
write too, that's your choice). Then you add the users to the right
groups so that they may access the folders.

The 'trick' is to use groups, which can contain more than one user to
rule the permissions...

I hope this is clear enough for you.

Regards
Bram4

- --


BIG BROTHER IS WATCHING YOU
www.anti-dmca.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)

iD8DBQFCfKepsv7ahDE9W98RAuJoAJ0ameK1JyvxQfNsYOq5y9 TiBaSCkwCfd5sw
tGyTHJ2k3BQsxlzr5FFammg=
=0HAg
-----END PGP SIGNATURE-----

bram4 wrote:
> For such cases, you have to create groups, I'd say one for each folder,
> assign each group to a folder, giving it read and execute access (maybe
> write too, that's your choice). Then you add the users to the right
> groups so that they may access the folders.
> The 'trick' is to use groups, which can contain more than one user to
> rule the permissions...

Yes, I understand very well,
even if it's not so confortable...

Thanx!
MS

Mauro Sacchetto <mauro.sacchetto@aliceposta.it> wrote:
>> The 'trick' is to use groups, which can contain more than one user to
>> rule the permissions...

> Yes, I understand very well,
> even if it's not so confortable...

There is also something called Access Control Lists (ACL). If unix groups
is enough my advice is to stick to that only. However, unix groups has
some limitations. Except for the limitations you have already found there
is another limitation in NFS which limits the number of groups a single
user can be a member of to 16.

There are patches which will give ACL functionality to Linux file systems
and also to NFS for Linux. Unfortunately there is no standard for how to
implement ACL in NFS v3 so even if you apply the patches your Linux client
will not be able to modify the ACLs on a NFS-share from another OS like
Solaris.

regards Henrik
--
The address in the header is only to prevent spam. My real address is:
hc2(at)uthyres.com Examples of addresses which go to spammers:
info@k-soft.se info@k-software.biz info@webrider.ru root@localhost

Henrik Carlqvist wrote:
> There is also something called Access Control Lists (ACL). If unix groups
[cut]
> There are patches which will give ACL functionality to Linux file systems
> and also to NFS for Linux.
[cut]

Very interesting, I'll try to study this case

Thanx!
M.