Re: [Nolug] mount question

From: -ray <ray_at_ops.selu.edu>
Date: Sun, 5 Dec 2004 19:24:02 -0600 (CST)
Message-ID: <Pine.LNX.4.44.0412051901060.28521-100000@romulus.csd.selu.edu>

NFS security (or lack thereof) uses the UID/GID permissions of the shared
files. So Apache needs to have UID/GID 72 on both box A and B. Then when
mounted, apache appears to own the files on box A as well. If squirelmail
runs as a different user, you'll have to monkey with groups and set all
GID permissions correctly. You can setup the mount in /etc/fstab like so:

andrea:/usr3 /usr3 nfs rsize=8192,wsize=8192,timeo=14,intr 0 1

The important thing to remember is all users/UID's/GID's need to be synced
across all machines. NFS was originally intended to be used with NIS,
which took care of making sure your UID/GID was consistent across all
machines.

ray

On Sun, 5 Dec 2004, David John wrote:

> Thanks Scott, that worked out great.
>
> I'd still like to know how to mount an NFS share as a non-root user.
>
> Dave
>
> PS the virtual host example you showed was extremely helpful but the
> ending tag wasn't closed, i.e. </VirtualHost>. It took me a minute to
> figure out why it wasn't working. (Duh) ;-)
>
> On Sat, December 4, 2004 12:51 pm, Scott Harney said:
> > David John wrote:
> >
> > Better idea. Run apache on your firewall and reverseproxy connections
> > in to your two webservers based on the virtualhost URL. Here's how to
> > do it: http://www.scottharney.com/blog/2003/02/21/#apache_proxy
> >
> > O'Reilly's "Linux Hacks" book has some similar tips in the last couple
> > of chapters.
> >
> >
> >> Here is what I'm trying to do:
> >>
> >> I have one public IP
> >> I have a basic firewall distro
> >> I have port 80 pointed towards Box A which is running Apache, etc.
> >> I have port 8000 pointed towards Box B which is running squirrelmail,
> >> etc.
> >> I have set up NFS on Box B to share the squirrelmail directory, etc.
> >> I can mount said directory on Box A and everything is dandy.
> >>
> >> What I would like to do is mount said directory as user Apache so that
> >> squirrelmail would appear to be running on Box A. (I have already set
> >> up
> >> a virtual host.)
> >>
> >> How would I go about achieving this through fstab or other means? I
> >> know
> >> this probably isn't the most secure thing in the world but I am curious
> >> to
> >> see how it would perform. Apache is running as userid, groupid 72 on
> >> Box
> >> A and 48 on Box B.
> >>
> >> Thanks,
> >> Dave
> >>
> >> ___________________
> >> Nolug mailing list
> >> nolug@nolug.org
> >>
> >
> >
> > --
> > Scott Harney<scotth@scottharney.com>
> > "Asking the wrong questions is the leading cause of wrong answers"
> > gpg key fingerprint=7125 0BD3 8EC4 08D7 321D CEE9 F024 7DA6 0BC7 94E5
> > ___________________
> > Nolug mailing list
> > nolug@nolug.org
> >
>
>
> ___________________
> Nolug mailing list
> nolug@nolug.org
>

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean  				       	 http://www.r-a-y.org
Systems Engineer                    Southeastern Louisiana University
IBM Certified Specialist  	      AIX Administration, AIX Support
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
___________________
Nolug mailing list
nolug@nolug.org
Received on 12/05/04

This archive was generated by hypermail 2.2.0 : 12/19/08 EST