NFS mount with different credentials

Does a way of mounting nfs directories as a specific (remote) user exist?

As far as I understand it, NFS will match the UID/GID of a user, which makes it possible to write files to an NFS directory as one user and read them as another one (at a different host).

My problem is as follows:
I’m a part-time admin at a university department. We have a server (fileserver &c.) and a backup-host left to me by my predecessors. Client workstations generally use LDAP for authentication and /home is mounted via NFS from the server. The backups are performed using ‘su’ and ‘rsync’ from the NFS /home to a local HDD.
This works fine for workstations which use LDAP and mount the different home-directories via NFS.

Alas, new professors wanted to maintain the computers of their groups by themselves, so their users are machine-specific and I do not have admin-access to those machines.

Now I am asked to include those users into the backup. I thought of adding the users to LDAP, thus creating a /home on the server. Keeping the file-permissions correct would, however, require that users mount those home directories from their workstations with different credentials (server-credentials vs. local credentials) and I could not find a way to do it.
Is this even possible?

Conflict between the professors and the network administration is as old as networks.

If they want you to do backups, then insist on your rules. Require that the home directories for these users be on the central server, and require that authentication be via network services (LDAP in your case). Perhaps offer to help them convert these student accounts to the required form.

Otherwise, no backup.

When you have a bunch of Unix/Linux systems working together in a way that users' usage is spread over the systems, you need a central user administration that ensures that every UID is unique amongst all of them. It is of course very clever to assign the same (and also unique) Username to every single UID on all systems.

You can do that central administration purely manually, but SUN Microsystems did not only invent NFS, they invented NIS to go with it.

This is because ownership of files is by UID (and GID) and not by username. And when files are handled on different systems (be it by using NFS, or by transporting them by removable disk (with of course Linux file systems), or using other media (tarballs over the net, using tape, CDs, …)), the UID and GID travel with them.

Now when you take this into account on primary setup of your shop, it is not much of a problem. The problems arrive when that has to be realized later. Then everybody involved in the changes you have to ask of them will protest. But as you cannot bend those technical facts, you, as systems administrator, have to live with the fact that nobody loves you. I hope that as a compensation, your pay is adequate. :wink:
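An added example (not part of any post in this thread): a Python check for the UID uniqueness requirement described above, comparing the file server's passwd data with that of a self-administered workstation. The sample accounts, the function names and the 1000-60000 range for regular UIDs are assumptions.

```python
# Constructed sample data (all names and UIDs are made up).
SERVER_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:100:Alice:/home/alice:/bin/bash
bob:x:1001:100:Bob:/home/bob:/bin/bash
carol:x:1002:100:Carol:/home/carol:/bin/bash
"""
CLIENT_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
# local accounts created by the group's own admin
dave:x:1000:100:Dave:/home/dave:/bin/bash
bob:x:1005:100:Bob:/home/bob:/bin/bash
carol:x:1002:100:Carol:/home/carol:/bin/bash
+::::::
"""


def parse_passwd(text, min_uid=1000, max_uid=60000):
    """Return {username: uid} for regular accounts; skip comments, NIS
    compat lines (+/-), malformed lines and system/nobody UIDs."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if (len(fields) < 7 or fields[0][:1] in ("", "#", "+", "-")
                or not fields[2].isdigit()):
            continue
        uid = int(fields[2])
        if min_uid <= uid <= max_uid:  # assumed range for human accounts
            users[fields[0]] = uid
    return users


def audit(server_text, client_text):
    """Return (collisions, mismatches), both sorted lists of tuples."""
    server, client = parse_passwd(server_text), parse_passwd(client_text)
    by_uid = {uid: name for name, uid in server.items()}
    # Same UID, different person: over NFS the client user acts as the server user.
    collisions = sorted((uid, by_uid[uid], name) for name, uid in client.items()
                        if uid in by_uid and by_uid[uid] != name)
    # Same name, different UID: the user's own files appear to belong to someone else.
    mismatches = sorted((name, server[name], uid) for name, uid in client.items()
                        if name in server and server[name] != uid)
    return collisions, mismatches


if __name__ == "__main__":
    collisions, mismatches = audit(SERVER_PASSWD, CLIENT_PASSWD)
    print("UID collisions (uid, server user, client user):", collisions)
    print("UID mismatches (user, server uid, client uid):", mismatches)
```

On real hosts the two inputs would be the output of `getent passwd` from each machine, so that LDAP or NIS accounts are included alongside local ones.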

On 2015-09-06 12:06, hcvv wrote:

> This is because ownership of files is by UID (and GID) and not by
> username.

IMO, this was a wrong initial design decision. It made sense decades
ago, with those machines with limited resources, but not nowadays.

However, I don’t see any way to change that now.

What would be nice and perhaps possible, would be for NFS to map source
and destination UIDs. I.e., have a conversion table mapping UIDs on server
and client.


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))

Seeing as LDAP/NFS did not provide what I sought after some time I tumbled onto a workaround.

It involves using SSHFS on the client side with key-based authentication on the server-side.
Creating a one-line script for mounting and letting XFCE execute it on log-in on the client side will mount the
user's directory on the server into a subdirectory of the user's /home on the client.
A modification of xfce4-session allows for automatic unmount on log-off.

This gives the user on the client a drag-n-drop way to copy her files to the server.
Beyond this I will assume the position: Their set-up, their data, their problem.