Setting ownership of an EFS access point mountpoint?

0

Hello!

I have an EFS share, with a corresponding access point with enforced identity.

I have the typical problem that the users have (potentially) different uid/gid across clients.

Based on my understanding, the mountpoint (local to the client) of an AP mount, is assigned the owner ids of the enforced identity.

For example, if I've set 1666:1666 as AP enforced user identity, when I mount the AP on a host, say on /mnt, the host local directory (/mnt) will have uid and gid set to 1666:1666 (at least, this is what I've observed).

Is there any way of specifying the mountpoint owner ids? For example, in the above case, to set /mnt owner ids to 1777:1777?

Thanks!

sfs6309
質問済み 4年前1104ビュー
2回答
0

Could you clarify why you'd like the displayed uid/gid in the host to be different than the enforced identity?

The short answer is no, we don't have a way to return a different UID/GID to linux hosts than the owner UID/GID we store on our side, which is what you configured in CreationInfo (in case of a directory) or what was set when a file was created (by the AP enforced identity).

This is purely cosmetic - when you use APs, access control is done on the EFS-side, so with each operation EFS will be comparing the enforced identity of the AP (1666) with the ownership/permission bits of the files (which in this case also looks like 1666). This may look odd if the actual user on the host is running as userid 100, because glancing at permissions would lead you to believe that the user would not have access to the data. However, for practical purposes you can always assume that the user is operating as the enforced identity.

回答済み 4年前
0

Hello!

Thanks for the reply. I've just verified, as you pointed out, that it's purely cosmetic. In this case, it doesn't pose any problem.

The reason why I had permissions issues is that, after seeing the different owner, I changed the AP enforced permissions, leading to inconsistencies in the NFS directories.

Thanks!

sfs6309
回答済み 4年前

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン

関連するコンテンツ