Special Requirements for /home Directories
Parameter | Corresponding /etc/exports Command / Description |
---|---|
no_root_squash | Treat remote root user as local root; remote root users get root privileges on the shared directory. |
all_squash | Treat all client users as anonymous users; all remote users are mapped as an anonymous user. |
anonuid=userid | Specify local user ID for anonymous users; supports mapping of remote users to a specific user ID such as guest. |
anongid=groupid | Specify local group ID for anonymous groups; supports mapping of remote groups to a specific group ID. |
In either case, you should configure the /etc/idmapd.conf file to set up how the NFS shared /home directories read the authentication database. Otherwise, such home directories may be configured with ownership by the user named nobody, which would be troublesome to regular users. The /etc/idmapd.conf file is straightforward and well commented. In all cases, you should change the Domain, Nobody-User, and Nobody-Group directives to match the domain of the current network and the nfsnobody user and group, to minimize the associated privileges. For the example.com domain, that would be
Domain = example.com
Nobody-User = nfsnobody
Nobody-Group = nfsnobody
While the nsswitch option shown is supposed to be the default, I’ve found it useful in my tests to make it explicit:
Method = nsswitch
As discussed in Chapter 8, LDAP authentication may be incorporated into the associated /etc/nsswitch.conf file. Nevertheless, additional custom options for connections to both LDAP and Kerberos services are shown in the databases. You’ll need to make the same changes to all /etc/idmapd.conf files on each NFS client. Changes are applied when you run the /etc/init.d/rpcidmapd restart command on both the NFS server and each client.
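Because the same settings have to be present on the server and on every client, a small consistency check helps catch a host that was missed. The following is an added example, not code from the original text: it assumes the stock idmapd.conf section names ([General], [Mapping], [Translation]), and the two sample files are constructed for illustration.

```python
import configparser

# Values the text recommends for example.com. The section names are the ones
# used in the stock idmapd.conf layout (an assumption; the page omits them).
EXPECTED = {
    ("General", "Domain"): "example.com",
    ("Mapping", "Nobody-User"): "nfsnobody",
    ("Mapping", "Nobody-Group"): "nfsnobody",
    ("Translation", "Method"): "nsswitch",
}

# Constructed sample files: the server is configured as described, the client
# still has Domain commented out and maps unknown users to "nobody".
SERVER_CONF = """\
[General]
Domain = example.com
[Mapping]
Nobody-User = nfsnobody
Nobody-Group = nfsnobody
[Translation]
Method = nsswitch
"""
CLIENT_CONF = """\
[General]
#Domain = local.domain.edu
[Mapping]
Nobody-User = nobody
Nobody-Group = nfsnobody
[Translation]
Method = nsswitch
"""

def audit(host, text, expected=EXPECTED):
    """Return one finding per directive that is unset or differs from expected."""
    cp = configparser.ConfigParser(interpolation=None)  # option names are lowercased
    cp.read_string(text)
    findings = []
    for (section, key), want in expected.items():
        got = cp.get(section, key, fallback=None)
        if got is None:
            findings.append(f"{host}: [{section}] {key} is not set")
        # Domain names compare case-insensitively; account names do not.
        elif (got.lower() != want.lower()) if key == "Domain" else (got != want):
            findings.append(f"{host}: [{section}] {key} = {got}, expected {want}")
    return findings

if __name__ == "__main__":
    for host, conf in (("server", SERVER_CONF), ("client", CLIENT_CONF)):
        for line in audit(host, conf) or [f"{host}: OK"]:
            print(line)
```

In practice, replace the sample strings with the contents of /etc/idmapd.conf collected from each host.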