Originally posted by: stevenj
Has anyone got a doc for using a NFS share with FreeIPA, (LDAP)?
I have created a nfs share but I cant set permissions....I assume I need some sort of access to set this up.....cant see how/what though.
Originally posted by: benhutch
The Admin Guide goes into how to setup a generic LDAP directory for user and group mappings, we support some common schemas (use the ldap-schema to see which for your version) and can customise the LDAP searches performed using ldap-search-config. Unfortunately I'm not familiar with FreeIPA so can't comment on exactly how you integrate with it.
Originally posted by: raob
You do not need LDAP to setup permissions.
LDAP is used for quota support.
With out LDAP you can use the UID/GID numbers instead..
The hosts mounting the NFS filesystems could be running LDAP or your could manually keep the the password/group files in sync across all hosts.
This doesnt answer what I asked....I cant get high enough permissions to set up a file structure and set permissions for others.
So OK how do I do it then? Without the equiv of root access I cant build a filestructure...and set permissions ie allow or deny access
Create a filesystem on the Bluearc
Add an NFS export to the filesystem - in the export list you will need to grant a host with permissions for root access with read-write permission(s) to the export.
Logon to the host with root read-write permissions - mount the NFS export and from there you can build the filestructure/namespace using mkdir/chown. At this point - your hosts could be using LDAP or something like NIS to keep all the password/group files in sync.. If not you can still use numeric uid/gids
from the NFShost.
By default the BlueArc will create an export/filesystem with ugo+rwx permissions - you may wish to change these. Otherwise the people access the export can create their own structure(s).
Thanks, this looks a lot more useful, what permissions to stop ppl making their own structures?
when the filesystem is first mounted it will look like (ls -l) after creation,
drwxrwxrwx 3 root root 2048 Dec 31 06:09 .
- Set the owner and group of the mount point ( IE /mnt/bluearc )
- chmod og-w /mnt/bluearc
drwxr-xr-x 3 root root 2048 Dec 31 06:10 .
Then create the directories and set the owner and group owner bits and then permission bits.
If you relie on "groups" you may wish to set the group-sticky bit.. chmod g+s (only do this for
groups users belong to, IE not system group or root).
Thanks, that will help...
Unable to figure out how to do this.....are there any simple docs with screenshots?
Retrieving data ...