Comments (4)
Are you trying to have multiple users access the server, and translate the permissions of those users into the file access permissions? do you mean that when you mount, you aren't seeing the expected unix permissions of files on the client?
from go-nfs.
Having multiple users access the server is the use case. Every user will have their own uid,gid. At this point this is what I'm seeing:
The exported folder is owned by UID 5000, the nfs server is run by the UID 5000.
When I mount the share from another server, I do see the files and folder being owned by UID,GID 5000. Even if I don't have access to the file because my UID is 1000 and I don't have GID 5000 assigned to this user I can read the file and even modify it.
This is what I see from user 1000 when it accesses the mount:
$ ls -l
total 1
-rw-rw----. 1 5000 5000 0 feb 16 17:10 dummy1
With this user I can read, create and update files. When new files are created they get created with UID and GID set to 5000. So my guess is that the nfs is receiving the creation order and instead of checking the permissions it goes ahead and create the files with its own UID,GID combination.
So summarizing, I do see the unix permissions of files on the clients, but they're not honored.
from go-nfs.
Authentication and permission of clients is not fully worked through on any of the example handlers, as my primary use case has been in single user systems.
When a user mounts the filesystem, the handler is able to check access of the mount
and associate an effective user with the file system view returned.
Currently access for all demos is just using a NullAuthHandler
which doesn't attempt to do any uid association between client and server UIDs.
from go-nfs.
Okay, since this is expected I'm closing the issue.
Thanks.
from go-nfs.
Related Issues (20)
- There are still places where FileID zero is returned, which confuses linux HOT 9
- Still getting stale file handle issues: see #100 HOT 3
- `onRename` errors out with "comparing uncomparable type" HOT 4
- if `fs.Remove` fails with `non-empty directory`, the server should forward that. HOT 1
- Incorrect handling of an open file's `Name()` HOT 1
- If `Read` is above a certain size, it will return nothing HOT 1
- onReadDirPlus with small cache yields no results, but no error HOT 2
- Some Write calls leads to data loss HOT 30
- A git clone will lead to the server displaying files with corrupted permissions HOT 9
- Unnecessary error messages for non-errors HOT 8
- make `onlookup` use stat rather than readdir HOT 1
- Removing directory leads to `Stale file handle` HOT 3
- Symbolic Links Cause Stale NFS File Handles HOT 1
- tagged releases
- fs.Stat is called when fs.Lstat should be called HOT 5
- support backing systems without exposed fileids
- Sockets don't work through mount HOT 11
- "Illegal instruction" when trying to run `su user` in chroot in mount HOT 29
- `flock` hangs HOT 3
- GETATTR does not set fhandle in returned struct HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from go-nfs.