From: Lowell Gilbert
To: Martin
Cc: freebsd-questions@freebsd.org
Subject: Re: Problems accessing a Linux NFS share as a normal user
Date: Tue, 07 Oct 2014 14:39:30 -0400
Message-ID: <44vbnvyba5.fsf@be-well.ilk.org>

Martin writes:

> 07.10.2014, 15:35, "Lowell Gilbert" :
>> Martin writes:
>>> However, I also need to mount this on a FreeBSD box as a normal user, not root.
>>
>> Is the export marked "insecure"?
>> You'll get different port numbers for root as opposed to a normal user.
>
> What does it mean "export marked as insecure"?

Quoting the exports(5) manual page from a convenient Linux machine:

EXAMPLE
    # sample /etc/exports file
    /               master(rw) trusty(rw,no_root_squash)
    /projects       proj*.local.domain(rw)
    /usr            *.local.domain(ro) @trusted(rw)
    /home/joe       pc001(rw,all_squash,anonuid=150,anongid=100)
    /pub            *(ro,insecure,all_squash)
    /srv/www        -sync,rw server @trusted @external(ro)
    /foo            2001:db8:9:e54::/64(rw) 192.0.2.0/24(rw)
    /build          buildhost[0-9].local.domain(rw)

    The first line exports the entire filesystem to machines master and
    trusty. In addition to write access, all uid squashing is turned off
    for host trusty. The second and third entry show examples for wildcard
    hostnames and netgroups (this is the entry `@trusted'). The fourth line
    shows the entry for the PC/NFS client discussed above. Line 5 exports
    the public FTP directory to every host in the world, executing all requests
    under the nobody account. The insecure option in this entry also allows
                                  ^^^^^^^^^^^^^^^
    clients with NFS implementations that don't use a reserved port for NFS.
    The sixth line exports a directory read-write to the machine 'server'
    as well as the `@trusted' netgroup, and read-only to netgroup
    `@external', all three mounts with the `sync' option enabled. The
    seventh line exports a directory to both an IPv6 and an IPv4 subnet.
    The eighth line demonstrates a character class wildcard match.
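
Added example, not part of the original message or of the manual page: a small Python audit that parses the sample /etc/exports above and lists which export/client pairs carry "insecure", i.e. accept requests from source ports of 1024 and above. The function names are hypothetical; it assumes unquoted paths, no backslash line continuations, and that a later secure/insecure option overrides an earlier one.

```python
import re

# The sample file from the exports(5) excerpt quoted above.
SAMPLE_EXPORTS = """\
# sample /etc/exports file
/               master(rw) trusty(rw,no_root_squash)
/projects       proj*.local.domain(rw)
/usr            *.local.domain(ro) @trusted(rw)
/home/joe       pc001(rw,all_squash,anonuid=150,anongid=100)
/pub            *(ro,insecure,all_squash)
/srv/www        -sync,rw server @trusted @external(ro)
/foo            2001:db8:9:e54::/64(rw) 192.0.2.0/24(rw)
/build          buildhost[0-9].local.domain(rw)
"""

CLIENT_RE = re.compile(r"^([^()]*)(?:\((.*)\))?$")  # client[(opt,opt,...)]

def parse_exports(text):
    """Return (path, client, options) tuples, one per client on each line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        path, *fields = line.split()
        defaults = []
        for field in fields:
            if field.startswith("-"):         # "-sync,rw": defaults for the clients after it
                defaults = field[1:].split(",")
                continue
            client, opts = CLIENT_RE.match(field).groups()
            entries.append((path, client, defaults + (opts.split(",") if opts else [])))
    return entries

def accepts_unprivileged_port(options):
    """Linux exports default to 'secure' (source port below 1024 required)."""
    allowed = False
    for opt in options:
        if opt in ("secure", "insecure"):     # assumption: the later option wins
            allowed = opt == "insecure"
    return allowed

def insecure_exports(text):
    return [(p, c) for p, c, o in parse_exports(text) if accepts_unprivileged_port(o)]

if __name__ == "__main__":
    for path, client in insecure_exports(SAMPLE_EXPORTS):
        print(f"{path} -> {client}: accepts requests from ports >= 1024")
```

On the sample file only the /pub entry is reported; every other export keeps the default reserved-port requirement.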