Open ijn101 opened 6 years ago
In general, client mount options stay on the client and are not exposed to the server. The server can guess some of them, like the security flavor used, IO buffer size, protocol version. But, probably, that's it. The local user mapping, caching options and even request timeout values are not available to the server. Moreover, mount options are different for different OSes.
Why do you need them? Which problem do you want to solve?
I'm trying to identify the user who is doing the mount and then serve them their home directory.
I have one export / *(ro,all_root), and then when someone connects, I'm figuring out who they are by their IP address. That's not optimal, however, because multiple users can connect from the same IP.
Another thought was to allow a user to mount the server1:/myuser directory and then retrieve their user id from the mount request. So far I can't figure out how to do this in NFSv4. Looks like v3 had this:
mountres3 MOUNTPROC3_MNT_3(RpcCall call$, dirpath arg1)
Is there an equivalent in v4?
This is, actually, a very interesting use case, which we have as well. In general, it's hard to see for which user the mount was triggered, as some requests are performed with the host's credentials (root).
However, each user-triggered NFS operation has a UID and GID in the RPC request. You can access them in the file system implementation. See Client Subject Inside Rpc Service. Probably you need to treat ROOTFH as the client's home directory based on the UID in the RPC requests. However, I am not sure that the client's file system cache will be happy about it, as the cached content will make no sense any more.
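The UID and GID mentioned in the comment above travel in the AUTH_SYS credential of each ONC RPC call (RFC 5531). The following is an added example, not part of the thread and not the project's code: it parses that credential from a constructed call message and picks a per-user root directory. The `HOMES` table, the helper names and the sample uid values are assumptions made for illustration.

```python
import struct

AUTH_SYS = 1  # auth flavor number from RFC 5531
# Constructed uid -> directory table; the thread does not define one.
HOMES = {1000: "/users/user1", 1001: "/users/user2"}

def build_call(uid, gid, gids, machine=b"client1"):
    """Build a constructed RPC CALL (after TCP record marking) with AUTH_SYS."""
    pad = b"\0" * (-len(machine) % 4)
    body = struct.pack(">II", 0, len(machine)) + machine + pad  # stamp, machinename
    body += struct.pack(">%dI" % (3 + len(gids)), uid, gid, len(gids), *gids)
    head = struct.pack(">6I", 0x1234, 0, 2, 100003, 4, 1)  # xid, CALL, rpcvers, prog, vers, proc
    return head + struct.pack(">II", AUTH_SYS, len(body)) + body + struct.pack(">II", 0, 0)

def parse_auth_sys(msg):
    """Return (uid, gid, gids, machinename), or None when the flavor is not AUTH_SYS."""
    try:
        xid, mtype, rpcvers, prog, vers, proc, flavor, clen = struct.unpack_from(">8I", msg, 0)
        if mtype != 0 or rpcvers != 2:
            raise ValueError("not an RPC version 2 CALL")
        if flavor != AUTH_SYS:
            return None
        if clen > 400 or 32 + clen > len(msg):  # opaque_auth body is at most 400 bytes
            raise ValueError("bad credential length")
        body = msg[32:32 + clen]
        stamp, nlen = struct.unpack_from(">II", body, 0)
        if nlen > 255:
            raise ValueError("machinename too long")
        off = 8 + nlen + (-nlen % 4)  # XDR pads strings to a 4-byte boundary
        uid, gid, count = struct.unpack_from(">3I", body, off)
        if count > 16:
            raise ValueError("more than 16 supplementary gids")
        gids = list(struct.unpack_from(">%dI" % count, body, off + 12))
    except struct.error as exc:
        raise ValueError("truncated RPC call") from exc
    return uid, gid, gids, body[8:8 + nlen].decode("ascii", "replace")

def root_for(msg):
    """Pick the directory to present as the root for this request's uid."""
    cred = parse_auth_sys(msg)
    # AUTH_SYS values are asserted by the client and not verified by the server.
    return HOMES.get(cred[0]) if cred else None
```
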
Thank you for the subject pointer, I can see how that's done.
Unfortunately, that does not give me the info I need, so let me make the use case a little bit more interesting :)
Let's say I have a target file system, designed like so:
/data - this directory is the source of actual files.
/users/user1 - contains symlinks into some files in /data that user1 can access - application generated
/users/user2 - contains symlinks into some files in /data that user2 can access - application generated
All of these are backed by EFS, so my NFS Spring Boot application running inside a docker container must have privileged access with root to these directories internally.
user1 and user2 are NOT linux uids, these are application user ids.
My NFS service app exports a single mount point ( / ). I cache contents of /users/* directories in the service, so when someone connects, I figure out who they are (currently via IP) and serve contents of appropriate user dir.
Currently, all users use the same mount command to the root of my fs - mount server1:/ /mnt/server
So, in a nutshell, I'm looking to find a way to pass/retrieve application user id via the mount command.
Hello. Is it at all possible to retrieve mount options that were used on the client? For example, if
mount -o user=myuser server1:/ /mnt/server1
How can I get the value of user?
Thanks!