■ Let's look at root_squash and no_root_squash among the NFS options.
>vi /etc/exports
Opening this file shows the following setting:
/home2/batt2 10.88.*.*(rw,no_root_squash)
- no_root_squash : if the client user is root, the server is also accessed as root. Allow this only for clients you trust.
- root_squash : even if the client user is root, it is mapped to nobody on the server.
To be safe, change the entry as follows.
/home2/batt2 10.88.*.*(rw,root_squash)
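
An added example (not part of the original note): a small Python check that parses exports(5)-style text and lists the entries where client root keeps root on the server. The sample text, the host names dtv-board and build-host, and the /srv paths are constructed; quoted paths and the "-options" default form are not handled.

```python
import re

# Constructed sample in exports(5) format. Only the first export comes from
# this note; the host names and /srv paths are made up for the example.
SAMPLE = """\
/home2/batt2  10.88.*.*(rw,no_root_squash)
/srv/logs     10.88.*.*(rw,root_squash)
/srv/images   dtv-board(rw) \\
              build-host (rw,no_root_squash)   # stray space before "("
"""

# One client field: "client", "client(options)" or a bare "(options)".
ENTRY = re.compile(r"^([^()]*)(?:\(([^()]*)\))?$")

def parse_exports(text):
    """Return (path, client, options) tuples, one per client field."""
    entries = []
    text = text.replace("\\\n", " ")             # join continued lines
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on blanks
        if len(fields) < 2 or fields[1].startswith("-"):
            continue   # blank, path-only or "-defaults" lines are skipped here
        for field in fields[1:]:
            m = ENTRY.match(field)
            if m is None:
                continue
            client = m.group(1) or "*"           # bare "(options)" = any host
            opts = [o for o in (m.group(2) or "").split(",") if o]
            entries.append((fields[0], client, opts))
    return entries

def root_unsquashed(text):
    """List (path, client) pairs exported with no_root_squash."""
    # root_squash is the default, so only an explicit no_root_squash matters.
    return [(p, c) for p, c, o in parse_exports(text) if "no_root_squash" in o]

if __name__ == "__main__":
    for path, client in root_unsquashed(SAMPLE):
        print(f"{path}: root on {client} is root on the server")
```

On the sample, the stray space in the last export attaches the no_root_squash options to any host instead of build-host, so that entry is reported with client *.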
■ Web references
- no_root_squash - Allows root users on client computers to have root access on the server. Mount requests for root are not mounted to the anonymous user. This option is needed for diskless clients.
- root_squash - Requests from root clients are mapped to the nobody user and group ID so they will only have file privileges associated with other.
- http://www.comptechdoc.org/os/linux/usersguide/linux_ugnfs.html
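■ DTV board -> server access
When the DTV board mounts the server, the DTV side always acts as root.
With root_squash the board accesses the server as nobody, so if there are files to upload to or download from the server, change their permissions with chmod 777 before using them.
※ Permissions must also be set on the server side that is being mounted for files to move freely.
■ Applying the changes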
/etc/init.d/nfs restart
/etc/init.d/nfsserver restart
Common options to use
rw - By default, NFS will export the directory read-only. Quite often you might want to give write access too, for example when user home directories are being exported off a server.
no_root_squash - NFS exports directories with root_squash turned on. This means that root on the client machine will be mapped to the anonymous UID, commonly nobody. The result is that root on the client machine will not be able to access anything in the exported entry. The no_root_squash option prevents this behavior. This option should only be used for trusted clients. We had to use this one for the root filesystems that are exported for the diskless clients.
noaccess - Use this one to make everything under a directory inaccessible to the client. Again this is a way of narrowing down the access permissions. Possible usage is when you're exporting a directory but certain directories under that exported directory should not be accessible to some hosts.