"Ashley M. Kirchner" <ashley@xxxxxxxxxx> wrote:
>> Server 2 is going to restrict access to users it knows about unless
>> you open up permissions which is a bad idea.
>
> If this is only for internal use (and everything is blocked via
> firewall and iptables) and I have control over what happens where and by
> who, how bad can it really be?

The problem is you want file ownership (and permissions) maintained from
the NFS/Server 1 side but not from the Server 2/3 side. Even if you
open up permissions on Server 1 (directories 777, files 666), you will
have all the files owned by nobody (or whatever pcguest maps to on
Server 2). This may accomplish what you want but, even if you have
external access completely locked down, you still have to worry about
somebody fat-fingering a command. I've seen more data destroyed by
well-meaning klutzes than hackers.
Any thoughts on using something like rsync and/or shell scripts running
from cron instead of using NFS between Server 1 and Server 2? Some
clever directory naming and you could automate moving files each way
between Server 1 and Server 2 while keeping the file ownership straight
and with only fairly minimal latency.
Cheers,
Dave
--
Politics, n. Strife of interests masquerading as a contest of principles.
-- Ambrose Bierce
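
The rsync-from-cron approach suggested in the message above could look like the following sketch. It is an added example, not part of the original post; the host name `server2`, the `/srv/xfer` tree with its `outgoing/` and `incoming/` directories, the lock file and the script path are all assumptions.

```shell
#!/bin/sh
# Added example. Assumed names, not from the thread: peer host "server2",
# transfer tree /srv/xfer, lock file /var/lock/xfer-sync.lock.
PEER="${PEER:-server2}"
BASE="${BASE:-/srv/xfer}"
LOCK="${LOCK:-/var/lock/xfer-sync.lock}"
RSYNC="${RSYNC:-rsync}"   # set RSYNC=echo to print the arguments instead of copying

# Move one direction's files. The directory name says where a file is headed:
#   outgoing/  files waiting to go to the peer
#   incoming/  files that arrived from the peer
# -a keeps owner, group, mode and times; owner and group are matched by name
# and are only applied when the receiving rsync runs as root.
sync_dir() {
    case "$1" in
        push) src="$BASE/outgoing/"       dst="$PEER:$BASE/incoming/" ;;
        pull) src="$PEER:$BASE/outgoing/" dst="$BASE/incoming/" ;;
        *)    echo "usage: sync_dir push|pull" >&2; return 2 ;;
    esac
    # --remove-source-files deletes each file from the source once it has been
    # transferred, so this is a move rather than a mirror.
    "$RSYNC" -a --remove-source-files -e ssh "$src" "$dst"
}

# Run both directions under a lock so overlapping cron runs do not collide.
main() {
    exec 9>"$LOCK"
    flock -n 9 || return 0
    sync_dir push && sync_dir pull
}

# Run only when called as "xfer-sync.sh --run", e.g. from a crontab line such as
#   */5 * * * * /usr/local/sbin/xfer-sync.sh --run
if [ "${1:-}" = "--run" ]; then
    main
fi
```

Because files land with their original owner and mode instead of being squashed to a guest account, the directories on Server 1 do not need to be opened up to 777/666 for the transfer to work.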