Setting ownership of an EFS access point mountpoint?

0

Hello!

I have an EFS share, with a corresponding access point with enforced identity.

I have the typical problem that the users have (potentially) different uid/gid across clients.

Based on my understanding, the mountpoint (local to the client) of an AP mount, is assigned the owner ids of the enforced identity.

For example, if I've set 1666:1666 as AP enforced user identity, when I mount the AP on a host, say on /mnt, the host local directory (/mnt) will have uid and gid set to 1666:1666 (at least, this is what I've observed).

Is there any way of specifying the mountpoint owner ids? For example, in the above case, to set /mnt owner ids to 1777:1777?

Thanks!

sfs6309
asked 4 years ago984 views
2 Answers
0

Could you clarify why you'd like the displayed uid/gid in the host to be different than the enforced identity?

The short answer is no, we don't have a way to return a different UID/GID to linux hosts than the owner UID/GID we store on our side, which is what you configured in CreationInfo (in case of a directory) or what was set when a file was created (by the AP enforced identity).

This is purely cosmetic - when you use APs, access control is done on the EFS-side, so with each operation EFS will be comparing the enforced identity of the AP (1666) with the ownership/permission bits of the files (which in this case also looks like 1666). This may look odd if the actual user on the host is running as userid 100, because glancing at permissions would lead you to believe that the user would not have access to the data. However, for practical purposes you can always assume that the user is operating as the enforced identity.

answered 4 years ago
0

Hello!

Thanks for the reply. I've just verified, as you pointed out, that it's purely cosmetic. In this case, it doesn't pose any problem.

The reason why I had permissions issues is that, after seeing the different owner, I changed the AP enforced permissions, leading to inconsistencies in the NFS directories.

Thanks!

sfs6309
answered 4 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions