On Sat, Jun 9, 2018 at 12:34 PM Grant Taylor
<gtaylor@×××××××××××××××××××××.net> wrote:
>
> NFS will quite happily work with dissimilar IDs if you're using "other"
> permission to access everything. }:-)
>

There are a few network filesystems with this property. As long as
you just mount the whole filesystem with one user/group and umode and
don't care that the remote server(s) will just discard any permissions
changes you try to apply, they work fine without mapping UIDs. If
you're using something like FUSE in a private mount namespace this can
be done in a way that is reasonably secure as well (only the user
logged into the remote server(s) can see the mountpoint).

I feel like this is something that Windows natively gets "better" than
POSIX. They have a concept of UIDs being specific to a machine or
authentication server (or domain as they call it), and this concept is
enforced at the host level. That said, I'm sure this approach has its
downsides as well, in particular it is certainly more complex and at
work we practically forbid any kind of Windows ACLs at anything other
than the top mount level because it is so hard to control.

--
Rich