It’s been a while since I’ve blogged anything, let alone anything
technical. So, here goes.
I’ve been making the rounds in our house, upgrading all the desktops to
Fedora 16. For the most part, this has
been fairly painless. One thing I’ve noticed, however, is that Fedora 16
changes the default UIDs for new users. In the past, UIDs started at 500.
Now they start at 1000.
This became a problem when I tried to make changes to files on an
NFS-mounted filesystem shared by a server running CentOS 5.7. On the CentOS
server, my UID is 500. On my Fedora 16 desktop, my UID is 1000. I knew this
was going to be a problem for other users in the house as well.
Ideally, some way of mounting NFS filesystems with some UID mapping would
be the easiest approach here. I’m no NFS guru so I did some research online
to see what I could come up with. I could be wrong, but this doesn’t come
So, next, I looked at using Samba instead of NFS. Because the various
desktops might have more than one user account on them, I wanted to make
sure each user could have access to files on the server they’re supposed to
have access to.
We use KDE on our desktops. KIO
provides some very nice means for users to connect to network services via
HTTP, SSH, SFTP, Samba, FTP, and other protocols. Once you connect to a
network service, you can save the connection for use later. This is handy,
but I could not find a way to make this work at the command-line as well.
That is, if you have a Samba share mounted via KIO so you can access it via
KDE applications, there is no way of opening a terminal application and
interacting with the files in the Samba share with shell commands.
Right away, I got thinking this would really be a good use of Filesystem
In Userspace FUSE. FUSE is a kernel module
for Linux that allows non-privileged users to interact with the root
filesystem aspects of the kernel. In addition to allowing non-root users to
mount local devices and network services like Samba and SSH, it also has
given way to some projects that do some very interesting things like
provide filesystem access to archive files like .zip and .tar files.
It looks like there is a project called
KioFuse that aims to make KIO
connections available via FUSE, but I didn’t see that until just now. In
fact, I ran across this discussion on the KDE mailing
that seemed to indicate KIO and FUSE were not a match to be. It seems,
however, that hasn’t remained true. I will definitely have to check out
KioFuse and see how well it performs.
Fedora 16 includes the
fuse-smb package which
provides FUSE access to Samba shares. On the surface, it appears to be
fairly simple to use. You create a fusesmb.conf file in a
.smb subdirectory in your home directory. This file should contain
a username and password for the share you wish to mount. Then, create a
directory to act as a mountpoint for the FUSE filesystem, like
~/Network. Finally, run fusesmb followed by the mount
point you created.
If all works well, you should be able to access servers and shares under
your mountpoint. For example,
I never got fuse-smb to work. I suspected SELinux was in the way, but I
couldn’t find any evidence to support that theory.
In the meantime, I’ve set up entries in /etc/fstab for the Samba
share I want users to be able to access. The entry has the user
option which allows a non-root user to control the mount. This provides
some of what FUSE is supposed to do.
Next, I need the Samba share mounted for each user when they log in. To
accomplish this, I created a simple shell script in the
~/.kde/Autostart directory that mounts the Samba share. Something
I also would like the system to automagically unmount the filesystem when
the user logs out. To do this, I should be able to put a similar shell
script in ~/.kde/shutdown that does a umount of the
mounted filesystem. But, this didn’t work.
Despite the fact the manual pages for mount and fstab
clearly say all that is needed to allow normal users to mount and unmount a
filesystem is to add the user option, I can’t seem to unmount
the Samba share as a non-root user.
$ umount /import/server/share
umount: only root can unmount //server/share from /import/server/share
This is a partial solution. If others have ideas, I’m all ears. I’ll
continue to explore.
In the past, I had an OpenLDAP server that most of the desktops in the
house authenticated against. When Fedora introduced SSSD, that stopped
working and I had to create users on each desktop again. I’d like to
eventually get back to that and I know that would solve the original
problem with UID mapping.