mounting a linux NFS share - different UID/GID on remote server

Question

Level 1

8 points

mounting a linux NFS share - different UID/GID on remote server

I am trying to mount an NFS volume under Leopard 10.5.5 which exists on a linux server running linux. My user ID on the linux server has read/write privileges on this directory. However, my UID/GID is different on the remote server to the one I have on my Mac. I do not have administrative privileges on the linux server, and the administrators of that machine are not willing to make the directory RW accessible to all. I don't want to risk changing the UID/GID on my Mac either.

Is there an alternative, for example some way of mapping my UID on the Mac to my UID on the linux server when issuing the mount command? I have not been able to come up with any solutions after a long googling session.

Mac Pro 2x3.2 GHz quad core xeon, 16 GB RAM, Mac OS X (10.5.5)

Posted on Nov 3, 2008 10:18 AM

Reply

Answer 1

rccharles

Level 6

13,037 points

Nov 8, 2008 9:29 PM in response to seleya

This is tricky stuff.

I suggest that you make a complete backup of your system. You should create a second administrator account from which you use to change your original account. You should log out your original account before proceeding.

You need to change these things:
1) Your account information
2) All of your files & folders

Each file has an owning user and a group of users that are allowed to access the file. Also, there is a another access for all users. The owning user is the UID field. The group of users is the GID.

1) Use theNetInfo Manager to change what uid and gid are defined for your account application. ( This doesn't change the UID & GID on your files and folders! )

harddrive -> Applications -> Utilities -> NetInfo Manager

In the middle column is the function. Pick users then select your user. Click on the lock at the bottom of the panel. Go into the property list and change UID and GID."

2) Change your files & folders
Macintosh-HD -> Applications -> Utilities -> Terminal

sudo find -x / -user 501 -exec chown 5464 {} \;

sudo find -x / -group 20 -exec chgrp 211 {} \;

#combined change of uid & gid
sudo find -x / -user 501 -exec chown 5464:211 {} \;

There are two schemes for assigning a group to a user:
1) Assign all users to a common group like staff. Used in Mac OS 10.2
2) Assign each user to their own group. A user like test would be in group test. Used in Mac OS 10.4.

Mac OS uses method 1 in 10.2 and method 2 in 10.4.

You should not have multiple users assigned to the same uid. My worry is that if you are only change in the 50x range, you could run into a conflict.

Your best bet is to change to a high number like 5464 on all of your accounts.

On Mac OS, there are a few files that have the old uid as part of their names. The .Trashes file will be on your removal media and maybe everywhere.

/.Trashes/501
/Library/Caches/com.apple.IntlDataCache.501
/Library/Caches/com.apple.IntlDataCache.sbdl.501
/Library/Caches/com.apple.user501pictureCache.tiff

Here are some terminal commands:
Macintosh-HD -> Applications -> Utilities -> Terminal

cd /Applications

#Your current user is:
echo $USER
#Let's assume myuser

#To find out your UID and GID do:

cd ~
ls -ln
ls -l

#Or, you can use the id command.
id

Now, compare the output and write down what you find.

You best use the numeric value for your userid. In this case it is 500. Before you do a command that will change files, you should list all the files to be changed. From an administrator account, enter the following command:
sudo find / -user 500 -exec ls -l {} \;
# the system will ask for your log on password. Type it in. The letters will not appear on the screen. Then, press the enter key.

# adding a -x before the / limits the search to the current file system.

# To stop the display press control-c

This command will change the ownership of a file.
sudo find -x / -user 500 -exec chown 1000 {} \;

#And you need to do this from an administrator id.

Hope this helps a little.

Robert

Reply

Answer 2

BobHarris

Level 9

56,945 points

Nov 4, 2008 9:15 PM in response to seleya

Why not create a new account, and then mung that account to have matching UID/GID values. Then use sudo mount_nfs with the correct options to allow the mount.

Once you master creating a new account with the UID/GID you prefer, you could always just transfer all your stuff over to this account and make this your home.

Reply

Answer 3

Nov 9, 2008 6:21 AM in response to rccharles

Robert

The OP is using 10.5, and there is no NetInfo Manager in Leopard. Also Leopard has reverted to the 10.2 "staff" group for all users, rather than the Linux and Sys V style "User Private Groups".

This is tricky stuff.

You are absolutely right about this.

My own preference would be to try a new account, as Bob suggested. Once that is working satisfactorily, any other issues such as sharing file access can be addressed.

Reply

Answer 4

jet3723

Level 1

0 points

Nov 26, 2008 8:25 PM in response to seleya

I have an exported directory on my RedHat Enterprise box. Of course, when I NFS mounted from my IMac the UID and GID on my mount directory on my IMac were those of the exported directory. I too was getting the Permission Denied error.

Solution:
Export the directory with the all_squash, anonuid and anongid flags. Set the anonuid and anongid to the UID and GID of the exported directory. The all_squash flag causes all NFS requests to use the anonymous UID and GID. Voila...no more permission denied errors.

Reply

Answer 5

Nov 27, 2008 10:25 AM in response to jet3723

jet3723 wrote:
Export the directory with the all_squash, anonuid and anongid flags. Set the anonuid and anongid to the UID and GID of the exported directory. The all_squash flag causes all NFS requests to use the anonymous UID and GID.

He doesn't control the server doing the export.

Maybe the server admins can be coaxed into implementing map_static?

Reply