Damion de Soto
30-09-2005, 12:28 PM
Captain Dondo wrote:
> I need to be able to 'map' an ordinary user to root...
>
> Here's the scenario:
>
> I am developing for an embedded platform. On my development box, I work
> as an ordinary user. As I compile stuff, I place it into a ~/boot
> directory.
>
> The ~/boot dir is nfsmounted by the embedded SBC as its root fs.
>
> The problem is that the files in ~/boot are owned by
> ordinary_user:ordinary_user, and nfsmounted as being owned by user
> 1001:1001. This wreaks all sorts of havoc when the embedded system
> wants to boot.
>
> I could change the files in ~/boot to be all owned by root, but that is
> a major PITA, since I'd have to be root to make changes to the fs.
>
> I could do development as root, which is probably a "really bad
> idea"(tm). :-)
>
> Or I could figure out some way to get nfs to 'map' user 1001:1001 to
> user 0:0 when it mounts the root fs.
>
> ISTR I could do that at one time, but I can't figure out how....
The 'exports' (5) man page shows the options to do it:
all_squash
Map all uids and gids to the anonymous user. Useful for NFS-exported public FTP
directories, news spool directories, etc. The opposite option is no_all_squash,
which is the default setting.
anonuid and anongid
These options explicitly set the uid and gid of the anonymous account. This option
is primarily useful for PC/NFS clients, where you might want all requests appear to
be from one user. As an example, consider the export entry for /home/joe in the
example section below, which maps all requests to uid 150 (which is supposedly that
of user joe).
use all_squash, and set the anonuid and anongid to root.
(unless NFS has some built-in security features to prevent you doing this)
Regards,
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~
Damion de Soto - Software Engineer email: damion@cyberguard.com.au
CyberGuard Corporation ---- ph: +61 7 3435 2809
| Custom Embedded Solutions fax: +61 7 3891 3630
| and Security Appliances web: http://www.cyberguard.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~
---- Free Embedded Linux Distro at http://www.snapgear.org ----
> I need to be able to 'map' an ordinary user to root...
>
> Here's the scenario:
>
> I am developing for an embedded platform. On my development box, I work
> as an ordinary user. As I compile stuff, I place it into a ~/boot
> directory.
>
> The ~/boot dir is nfsmounted by the embedded SBC as its root fs.
>
> The problem is that the files in ~/boot are owned by
> ordinary_user:ordinary_user, and nfsmounted as being owned by user
> 1001:1001. This wreaks all sorts of havoc when the embedded system
> wants to boot.
>
> I could change the files in ~/boot to be all owned by root, but that is
> a major PITA, since I'd have to be root to make changes to the fs.
>
> I could do development as root, which is probably a "really bad
> idea"(tm). :-)
>
> Or I could figure out some way to get nfs to 'map' user 1001:1001 to
> user 0:0 when it mounts the root fs.
>
> ISTR I could do that at one time, but I can't figure out how....
The 'exports' (5) man page shows the options to do it:
all_squash
Map all uids and gids to the anonymous user. Useful for NFS-exported public FTP
directories, news spool directories, etc. The opposite option is no_all_squash,
which is the default setting.
anonuid and anongid
These options explicitly set the uid and gid of the anonymous account. This option
is primarily useful for PC/NFS clients, where you might want all requests appear to
be from one user. As an example, consider the export entry for /home/joe in the
example section below, which maps all requests to uid 150 (which is supposedly that
of user joe).
use all_squash, and set the anonuid and anongid to root.
(unless NFS has some built-in security features to prevent you doing this)
Regards,
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~
Damion de Soto - Software Engineer email: damion@cyberguard.com.au
CyberGuard Corporation ---- ph: +61 7 3435 2809
| Custom Embedded Solutions fax: +61 7 3891 3630
| and Security Appliances web: http://www.cyberguard.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~
---- Free Embedded Linux Distro at http://www.snapgear.org ----