NFS and all_squash confusions
For some temporary data migration task, I need to set up an NFS server. The UIDs on both machines do not match, so I somehow need to avoid permission issues.
Luckily, I thought, there's an all_squash
option. It says:
all_squash: Map all uids and gids to the anonymous user. Useful for NFS-exported public FTP directories, news spool directories, etc. The opposite option is no_all_squash, which is the default setting.
To map to my desired user and group, I additionally specified anonuid=12345
and anongid=15101982
:
anonuid and anongid: These options explicitly set the uid and gid of the anonymous account. This option is primarily useful for PC/NFS clients, where you might want all requests appear to be from one user. As an example, consider the export entry for /home/joe in the example section below, which maps all requests to uid 150 (which is supposedly that of user joe).
Create a file on a client connected to the NFS share, and as expected I see the following behavior (uid/gid have been changed to 12345
):
$ touch test && ls -l test
-rw-rw-r-- 1 12345 12345 0 Aug 25 18:10 test
However, files which already exist on the share, still have their original uid and gid:
$ ls -l existing-file
-rw-rw-r-- 1 98765 98765 0 Aug 25 18:11 existing-file
Am I not understanding things correctly? I had assumed that all_squash
would simply squash all files uids and gids? If that's not the case, can this be achieved?
The NFS protocol uses RPC-based credentials when a new file is created. By setting all_squash+anonuid you change the credentials that are associated with that particular client. IOW, it have influence only on permission check for users requests and ownership of newly created files and directories. The ownership of existing files is not affected.