Share via


Allow Root and Anonymous Access to Resources by NFS Clients

Applies To: Windows Server 2008

Allowing root access

You can allow UNIX users to have root access to resources. Some of these methods include:

  • Assigning the client computer root access when the shared resource is exported.

  • Mapping (through either Active Directory Lookup or User Name Mapping) the UNIX user root (UID 0) to the Windows user Administrator—and also, mapping the group to which the root belongs to the Windows group Administrators.

For example, consider a situation in which the directory Testdir is owned by Administrators. This directory was created with an account that is a member of the Windows group Administrators. The permissions listed were set after the directory was created. At the UNIX client, the permissions look like this:

ls ld /testdir
drwxrwxr-x 2 root root 64 Nov 3 12:11 /testdir/

When the directory is owned by Administrators, Server for NFS reports a user identifier (UID) and group identifier (GID) pair of 0,0.

Allowing anonymous access

By default, Server for NFS does not allow anonymous users to access a shared directory. When you share a directory, you can allow anonymous access to the directory and you can change the default anonymous UID and GID values to the UID and GID of any valid UNIX user and group accounts. If you change the anonymous UID and anonymous GID for a shared resource, those values will be used when reporting the owner of a file owned by a Windows user which is not mapped to UNIX user, even if anonymous access is not allowed.

Note

To enable anonymous access, enable the Network Access: Let Everyone permissions apply to anonymous users policy.

To allow anonymous access to an NFS share using the Windows interface

  1. Open Windows Explorer: click Start, point to Programs or All Programs, point to Accessories, and then click Windows Explorer.

  2. In the details pane, right-click the shared directory you want to manage.

  3. Click Sharing.

  4. Click NFS Sharing.

  5. Select Allow anonymous access.

  6. To specify a nondefault value for the anonymous user identifier (UID) or anonymous group identifier (GID), type the value in the Anonymous UID or Anonymous GID box.

  7. Click Apply.

Additional references

To allow anonymous access to an NFS share using the command prompt

  1. Open the command prompt with elevated privileges.

    1. Click the Start button, and click All Programs.

    2. Click Accessories.

    3. Right-click the command prompt, and click Run as administrator.

  2. At the command prompt, type:

    nfsshare -ooption**=value...**sharename

    Argument Description

    sharename

    The name of the shared directory.

    -o

    Specifies one or more options to be set and must be set to at least one of the following:

    anon={yes | no}

    Specifies whether anonymous (unmapped) users can access the shared directory. The default is no.

    anonuid=uid

    Specifies that anonymous (unmapped) users will access the share directory using uid as their user identifier (UID). The default is -2. The anonymous UID will be used when reporting the owner of a file owned by an unmapped user, even if anonymous access is disabled.

    anongid=gid

    Specifies that anonymous (unmapped) users will access the share directory using gid as their group identifier (GID). The default is -2. The anonymous GID will be used when reporting the owner of a file owned by an unmapped user, even if anonymous access is disabled.

Note

To view the complete syntax for this command, at a command prompt, type: nfsshare /?

Additional references