Set Different Users Privileges for Different Directories
Background of Problem
In many cases, different departments and business units within a company or organization need to share data while being granted different privileges to keep that data secure. In this situation, users want to set different access privileges for different users, just as they would on a local file system.
The NFS protocol supports UNIX-style privilege authentication mechanisms. UID and GID are used instead of user names and group names for privilege verification. Therefore, if you access the CFS file system from two different virtual machines, you will have a different experience depending on whether the user's UID is the same or different on those virtual machines:
- If the same user has the same UID on both virtual machines, CFS will treat them as the same user;
- If the same user has different UIDs on both virtual machines, CFS will treat them as different users;
- If two different users have the same UID on different virtual machines, CFS will treat them as the same user.
Except for a very few special users (such as root), the UID and GID of the same user on different machines are probably different. Therefore, some additional configuration is needed for access privileges to work correctly.
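The three cases listed above can be checked by comparing the passwd files of two virtual machines. The shell function below is an added example, not part of the original CFS documentation; the helper name uid_drift, the users alice and bob, and the sample file contents are constructed for illustration, and only the UID and primary GID fields of passwd-format files are compared.

```shell
#!/bin/sh
# Added example: compare two passwd-format files for UID/GID drift.
# uid_drift is a hypothetical helper name; it is not a CFS or NFS tool.

# Usage: uid_drift PASSWD_A PASSWD_B
# Prints one line per finding:
#   MISMATCH  <user> <uid:gid on A> <uid:gid on B>   same name, different IDs
#   COLLISION <uid> <user on A> <user on B>          different names, same UID
uid_drift() {
    awk -F: '
        /^#/ || NF < 4 { next }            # skip comments and malformed lines
        !second {                          # first file: remember name/ID pairs
            ids[$1] = $3 ":" $4
            owner[$3] = $1
            next
        }
        ($1 in ids) && ids[$1] != ($3 ":" $4) {
            print "MISMATCH", $1, ids[$1], $3 ":" $4
        }
        ($3 in owner) && owner[$3] != $1 {
            print "COLLISION", $3, owner[$3], $1
        }
    ' "$1" second=1 "$2"
}

# Constructed sample data standing in for /etc/passwd copied from two VMs.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT

cat > "$demo/vm1.passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
cfs:x:500:500::/home/cfs:/bin/bash
alice:x:501:501::/home/alice:/bin/bash
EOF

cat > "$demo/vm2.passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
cfs:x:888:888::/home/cfs:/bin/bash
bob:x:501:501::/home/bob:/bin/bash
EOF

uid_drift "$demo/vm1.passwd" "$demo/vm2.passwd"
```

A MISMATCH line means CFS will see one person as two users; a COLLISION line means two people will share the same file permissions on the share.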
Unify the User's UID and GID
You can set the UID and GID on each virtual machine as follows:
Method 1: Modify UID and GID with usermod and groupmod
1. If the user does not exist, create it. Assuming the user to be created is named cfs, view its UID and GID with the id command. The command and sample output are as follows:
[root@test-cfs ~]# useradd cfs
[root@test-cfs ~]# id cfs
uid=500(cfs) gid=500(cfs) groups=500(cfs)
2. Change the UID and GID of the cfs account to a preset value such as 888 using the usermod and groupmod commands. The command and sample output are as follows:
[root@test-cfs ~]# usermod -u 888 cfs
[root@test-cfs ~]# groupmod -g 888 cfs
[root@test-cfs ~]# id cfs
uid=888(cfs) gid=888(cfs) groups=888(cfs)
Method 2: Modify /etc/passwd and /etc/group files
The first step is the same as in Method 1. After creating the user, open /etc/passwd and /etc/group for editing.
Run vi /etc/passwd, find the line for the cfs user, and modify the UID and GID.
Before modification:
After modification:
Enter :wq to save the modification and exit the editor.
Run vi /etc/group, find the line for the cfs user, and modify its group.
Before modification:
After modification:
Enter :wq to save the modification and exit the editor.
Create Initial Directory
By default, only the root user can create directories and files. Therefore, as root, you also need to create a top-level directory for each user and change its ownership with chown so that the user can use it as their own. The sample code is as follows (assuming the mount target is /mnt):
[root@test-cfs ~]# mkdir /mnt/cfs
[root@test-cfs ~]# chown -R cfs:cfs /mnt/cfs
[root@test-cfs ~]# ls -l /mnt/
total 8
drwxr-xr-x 2 cfs cfs 4096 Jul 24 15:38 cfs
drwxr-xr-x 2 root root 4096 Jul 24 15:39 root
The kernel prohibits non-root users from mounting the file system, so the file system still has to be mounted as root before the user can use it. This step can be automated through "automount". You can mount using the path of the user's own directory, which limits the scope of use to that user at mount time.