[CentOS] NFS4 idmap question

Peter Wood peterwood.sd at gmail.com
Wed May 7 18:59:45 UTC 2014


Thanks for the tip for setsebool.

I was hoping to avoid using the group for sharing files in this particular
case but it seems that there is no other way.

To make this work I have to change default httpd umask to 0002 (default
0022) on the old and the new servers.

Also we have some processes that use sudo to create files in the NFS shared
directories that need to be writable by httpd so I have to enforce sudo
umask of 0002 (default is the united user's umask and the sudo umask of
0022). And this change will affect all sudo commands, not just the ones that
save files in the shared NFS directories.

-- Peter


On Tue, May 6, 2014 at 10:39 AM, <m.roth at 5-cent.us> wrote:

> Peter Wood wrote:
> > I'm sorry, small correction. On the CentOS5 systems httpd runs as user
> > daemon (uid:2).
> >
> > On Tue, May 6, 2014 at 10:11 AM, Peter Wood <peterwood.sd at gmail.com>
> > wrote:
> >
> >> HTTPD on some of my CentOS5 systems is configured to run as user
> >> "nobody". Also, it needs access to some exported file systems. CentOS5
> >> uses NFS3 so I changed the ownership of the files on the storage server
> >> to "nobody" to give httpd full permissions.
> >>
> >> Now I want to rebuild these systems with CentOS6 and httpd running as
> >> user "apache". The problem is how to give access to the NFS exports to
> >> these new servers while the old ones are still using the same exports.
> >>
> >> CentOS6 uses NFS4 so I was thinking to use idmap and statically map user
> >> "nobody" to local user "apache" but I can't seem to get it working.
> >>
> >> I wonder is it even possible considering that user "nobody" is a system
> >> type user?
> >>
> >> Any better ideas what I can do to give user nobody on CentOS5 and user
> >> apache on CentOS6 full access to the same NFS exported directories
> >> locally owned by user nobody?
>
> Sure: make it group apache, and group readable (and writeable, where
> necessary).
>
> Oh, and make sure you setsebool httpd_use_nfs=on, to shut up selinux.
>
>        mark
>
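
The umask difference discussed in this thread, as an added example that is not part of the original messages: it creates files in a setgid directory under umask 0022 and 0002 and lists which ones a group member (such as httpd) could not write. The temporary directory, file names and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: everything happens in a throwaway temp directory.

# Create a file under the given umask and print its 10-character mode string.
mode_with_umask() {
    dir=$1; mask=$2; name=$3
    # Subshell so the umask change does not leak into the caller.
    ( umask "$mask" && : > "$dir/$name" )
    ls -l "$dir/$name" | cut -c1-10
}

# List regular files the group cannot write (what a group member would fail on).
not_group_writable() {
    find "$1" -type f ! -perm -020 | sort
}

# List regular files writable by "other"; umask 0002 must never produce these.
world_writable() {
    find "$1" -type f -perm -002 | sort
}

demo() {
    share=$(mktemp -d) || return 1
    chmod 2775 "$share"   # setgid: new files inherit the directory's group
    echo "umask 0022 -> $(mode_with_umask "$share" 0022 old.txt)"
    echo "umask 0002 -> $(mode_with_umask "$share" 0002 new.txt)"
    echo "not group-writable:"; not_group_writable "$share"
    echo "world-writable:"; world_writable "$share"
    rm -rf "$share"
}

demo
```

Running `not_group_writable` against the real export after the umask change shows which existing files still need a `chmod g+w`.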