1 Reply Latest reply: Sep 24, 2012 4:14 PM by Camelot
AppleJason Level 1 Level 1 (10 points)

I'm trying to setup a new 10.6.8 server with NFS home shares instead of AFP, so that more than one user can log onto the computer at a time. (fast user switching on)

 

I've created a new folder on the server for the NFS share, unchecked AFP, checked NFS.... export to world.... then...

 

my question is:

 

Mapping:  should this be ROOT TO ROOT? or ROOT TO NOBODY (the default, 3rd down, option)?

 

Minimum security....Standard or should I turn on Kerberos and select one of these options?

 

I don't want users to be able to see other users home directories.  We're a totally 10.6.8 mac client/server environment.


iMac, Mac OS X (10.6.8), i5 with Thunderbolt
  • 1. Re: nfs home directory question
    Camelot Level 8 Level 8 (45,790 points)

    Mapping:  should this be ROOT TO ROOT? or ROOT TO NOBODY (the default, 3rd down, option)?

     

    Largely irrelvant - at least for home directories. This option only affects what happens when a root user tries to mount the shared directory - 'root to root' means that the root user gets root-level access to the filesystem. 'root to nobody' means that the root user is mapped to 'nobody', an unprivileged account. In some ways, 'root to nobody' makes more sense, although then all root-privileged changes to the directory have to be made on the server itself, rather than over the network.

     

    Minimum security....Standard or should I turn on Kerberos and select one of these options?

     

    If you're running a kerberized environment (including Open Directory with mapped clients) then Kerberos would be preferred.