
User permissions (docker-nfs-server issue, closed)

ehough commented on May 27, 2024
User permissions

from docker-nfs-server.

Comments (2)

ehough commented on May 27, 2024

All good questions! I'll do my best to answer.

> At which levels do I need the users to exist? Just inside the container, just inside the docker-host, or both?

You don't really need to create users anywhere; the container will happily serve files that are owned by a non-existent (from the container's perspective) user. The NFS server doesn't care if there's a matching user in /etc/passwd or otherwise. Whatever numeric IDs the container sees for the files (ls -n) are what will be served up via NFS, and it's up to the NFS client to try to match the user ID to a local user.

Does that make sense?

> Do I need to run the container as a particular user?

I haven't tested running the container as a user other than root. It very well may be possible and I think I will experiment. But since you are required to run the container with CAP_SYS_ADMIN, running as a non-root user won't give you much added security. I.e., a non-root user granted CAP_SYS_ADMIN has lots of power compared to a "regular" user.

> Normally on NFS, the nfs-server directory/file permissions would map 1-1 with the nfs-client permissions, so if uid=1000 has write access on the server then uid=1000 on the client would also have write access.

Just to be pedantic, what you described here is 100% accurate for NFSv3; the numeric IDs on the client and server are assumed to be of the same namespace. NFSv4 introduces the ability to use user ID mapping, which is a lot more flexible but also significantly harder to configure.

Hope that answers your questions for now? I'm going to close the issue but please feel free to continue the discussion or ask follow-ups.
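
Added example, not part of the thread or of the docker-nfs-server project: a small script that lists the numeric owners under a directory (what `ls -n` shows) and reports how the current host resolves each one, so the exported directory in the container and the mount on a client can be compared. The function names are hypothetical, and it assumes Linux with GNU or BusyBox `stat`.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Linux with GNU or BusyBox stat.

# Distinct numeric "uid gid" pairs under a directory: the values `ls -n` shows
# and the values the NFS server hands to clients.
owner_ids() {
    find "$1" -exec stat -c '%u %g' {} + | sort -u
}

# How THIS host resolves a numeric uid: account name, or UNMAPPED if none.
resolve_uid() {
    if command -v getent >/dev/null 2>&1; then
        entry=$(getent passwd "$1") || entry=""
    else
        entry=$(awk -F: -v id="$1" '$3 == id { print; exit }' /etc/passwd)
    fi
    name=${entry%%:*}
    printf '%s\n' "${name:-UNMAPPED}"
}

# One line per owner found under the directory.
report() {
    owner_ids "$1" | while read -r uid gid; do
        printf 'uid=%s gid=%s local_user=%s\n' "$uid" "$gid" "$(resolve_uid "$uid")"
    done
}

# Usage: sh nfs-owner-report.sh /path/to/export-or-mount
if [ "$#" -gt 0 ]; then
    report "$1"
fi
```

A uid that shows as UNMAPPED in the container is still served; what matters for access under NFSv3 is which account, if any, holds that same number on each client.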


Exlipse7 commented on May 27, 2024

Yes, that all makes sense. Thank you very much. I guess I was more concerned about writing back to the server, if (since the container is running as root) that would affect the permissions on files created by the nfs-client. If it 'just works' as a pass-through and the files are made with the permissions from the client side then that's great. It may be a lack of understanding on my part of the finer details of NFS in general.

