| 1 |
On Sat, Jun 9, 2018 at 12:34 PM Grant Taylor |
| 2 |
<gtaylor@×××××××××××××××××××××.net> wrote: |
| 3 |
> |
| 4 |
> NFS will quite happily work with dissimilar IDs if you're using "other" |
| 5 |
> permission to access everything. }:-) |
| 6 |
> |
| 7 |
|
| 8 |
There are a few network filesystems with this property. As long as |
| 9 |
you just mount the whole filesystem with one user/group and umode and |
| 10 |
don't care that the remote server(s) will just discard any permissions |
| 11 |
changes you try to apply, they work fine without mapping UIDs. If |
| 12 |
you're using something like FUSE in a private mount namespace this can |
| 13 |
be done in a way that is reasonably secure as well (only the user |
| 14 |
logged into the remote server(s) can see the mountpoint). |
| 15 |
|
| 16 |
I feel like this is something that Windows natively gets "better" than |
| 17 |
POSIX. They have a concept of UIDs being specific to a machine or |
| 18 |
authentication server (or domain as they call it), and this concept is |
| 19 |
enforced at the host level. That said, I'm sure this approach has its |
| 20 |
downsides as well, in particular it is certainly more complex and at |
| 21 |
work we practically forbid any kind of windows ACLs at anything other |
| 22 |
than the top mount level because it is so hard to control. |
| 23 |
|
| 24 |
-- |
| 25 |
Rich |
Archives