Sharing NFS With a Group of Macs
Wednesday, March 21st, 2007This problem may sound familiar to some people: You have an office (or a livingroom) filled with Macs and you want to share a common NFS volume from a linux machine that all OSX users can access. Linux’ kernel nfsd doesn’t support uid/gid-mapping beyond its rather tame idea of uid-squashing: mapping all file access over NFS to a specific userid and groupid combination. Although this sounds like a sensible approach for such a shared volume, unfortunately the OSX Finder is trying to be way too smart about things and will block any operations on a volume if the permissions look wrong. What this means is, if you use all_squash to map all access to, say, uid/gid 100/100, the Finder running for a user under uid 501 will refuse to copy files to the share, even while the NFS server will permit this.
So for months we resolved to just making sure everybody was running under the default userid 501 assigned to the primary (or actually, first created) user of an OSX system. This, of course, is unworkable for machines that have multiple accounts (onlyl the account with userid 501 will allow proper access to the share).
Then I ran across this post, documenting that the uid/gid combination of 99/99 is magic to OSX and the Finder: it will automatically map the ownership of a file/directory with these properties to that of the user that is currently looking, so problem solved. By exporting an NFS volume like this:
(rw,insecure,all_squash,anonuid=99,anongid=99)
we no longer have to muck around making sure everybody has uid 501.
