[CentOS] NFS4 idmap question

Tue May 6 17:39:28 UTC 2014
m.roth at 5-cent.us <m.roth at 5-cent.us>

Peter Wood wrote:
> I'm sorry, small correction. On the CentOS5 systems httpd runs as user
> daemon (uid:2).
>
> On Tue, May 6, 2014 at 10:11 AM, Peter Wood <peterwood.sd at gmail.com>
> wrote:
>
>> HTTPD on some of my CentOS5 systems is configured to run as user
>> "nobody". Also, it needs access to some exported file systems. CentOS5
>> uses NFS3 so I changed the ownership of the files on the storage server
>> to "nobody" to give httpd full permissions.
>>
>> Now I want to rebuild these systems with CentOS6 and httpd running as
>> user "apache". The problem is how to give access to the NFS exports to
>> these new servers while the old ones are still using the same exports.
>>
>> CentOS6 uses NFS4 so I was thinking to use idmap and statically map user
>> "nobody" to local user "apache" but I can't seem to get it working.
>>
>> I wonder is it even possible considering that user "nobody" is a system
>> type user?
>>
>> Any better ideas what I can do to give user nobody on CentOS5 and user
>> apache on CentOS6 full access to the same NFS exported directories
>> locally owned by user nobody?

Sure: make it group apache, and group readable (and writeable, where
necessary).

Oh, and make sure you setsebool httpd_use_nfs=on, to shut up selinux.

       mark