[36157] in Kerberos
NFSv4 and root access
daemon@ATHENA.MIT.EDU (Jaap)
Fri May 30 10:19:42 2014
To: kerberos@mit.edu
From: Jaap <jwinius@umrk.nl>
Date: Fri, 30 May 2014 14:19:10 +0000 (UTC)
Message-ID: <lma40t$sud$2@ger.gmane.org>
Mime-Version: 1.0
X-Complaints-To: usenet@ger.gmane.org
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi folks,
Recently I got NFSv4 to work together with Kerberos (gss/krb5i or gss/
krb5p) on Debian wheezy, but there's a problem. It has to do with exports
with "no_root_squash" option; when attempting to allow root on the
clients to write to them, this always results in a "Permission denied"
error.
Is there a solution for this, or a workaround?
I'm using rpc.svcgssd and have tried adding the following to idmapd.conf:
[Static]
root/<fqdn>@<realm> = root
Unfortunately, I still got the same result.
I'd like to find a solution for this, as one of the sites I maintain uses
NFS for home directories and the workstations have an elaborate logout
script in /etc/X11/Xreset.d/ that runs as root (it contains many sudo
commands to modify to the user's home directories). A solution might be
to avoid running the logout script as root, but AFAIK that's not possible.
Thanks,
Jaap
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
