NFS permissions are not addressed at mount time, except for read-only or read-write and for what root from a client can and cannot do. If anyone has read-write needs, then the mount on that system should be read-write. NFS isn't CIFS.
Users don't mount NFS storage, the administrator does, typically. I suppose NFSv4 has per-user Kerberos tickets, but I've never seen that deployed anywhere.
With NFS, normal Unix permissions work. What you've described is addressed with those. The use of NFS is only important in that the uids and gids need to be matched between all clients and the server. These are the numbers seen by the 'id' command. It can be manually handled on each system using the /etc/passwd and /etc/group files or via LDAP. There are other ways, like NIS+ (requires Solaris) or NIS (full of security issues) that could be used. I miss NIS, but the poor security just cannot be ignored, IMHO. For more than 5 computers or 5 users, I'd set up LDAP using something like FreeIPA.
Do any of the members in the groups belong in more than 1 group? That isn't clear.
Put users into their respective Unix groups, A, B, C. Make the files you want "A" to read-write have that group as the group owner for all those files and set the permissions to g=rw. You might want to set the directory permissions for where those files sit to g=rwxs so the group is automatically maintained on all new files. Make "other" permissions read-only - o=r. Then for group "C", you'll need to either block them at a directory higher up by going with 705 permissions and having "C" be the group owner, or use ACLs.
If the users only come from specific clients, then you don't need to let C group systems have NFS access.
There are probably at least 50 solutions to these needs. I wouldn't use 070. The owner (an individual userid) always can change any permissions, so giving them -rwx is useless. They are the owner. Period.
Of course, I could easily misunderstand. Some example directories and files with what you think you need would clarify. Just remember, there are owner, group and other permissions, and you can block access by making a group you DON'T want to have access the group owner, with no group permissions, at any level higher (closer to the / directory) than the location of the files.
Let's see if this is clearer than all those words:
Code:
$ find . -ls
drwxrwxr-x 3 thefu thefu 4096 Oct 20 09:47 .
drwx---r-x 3 thefu C 4096 Oct 20 09:46 ./No_C
drwxrwsr-x 2 thefu A 4096 Oct 20 09:46 ./No_C/A_RW-B_RO
-rw-rw-r-- 1 thefu A 0 Oct 20 09:46 ./No_C/A_RW-B_RO/file2
-rw-rw-r-- 1 thefu A 0 Oct 20 09:46 ./No_C/A_RW-B_RO/file3
-rw-rw-r-- 1 thefu A 0 Oct 20 09:46 ./No_C/A_RW-B_RO/file1
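A small Python model of the permission evaluation that listing relies on, added here as an illustration and not part of the original post. It assumes hypothetical users alice (group A), bob (group B) and carol (group C), and shows why the 705 directory owned by group C blocks C even though "other" gets r-x: only one permission class is ever applied, and a group member is judged by the group bits.

```python
# Constructed tree mirroring the 'find . -ls' listing above: path -> (mode, owner, group).
TREE = {
    ".": (0o775, "thefu", "thefu"),
    "./No_C": (0o705, "thefu", "C"),
    "./No_C/A_RW-B_RO": (0o2775, "thefu", "A"),
    "./No_C/A_RW-B_RO/file1": (0o664, "thefu", "A"),
}

# Hypothetical users for the example; not from the post.
USERS = {"alice": {"A"}, "bob": {"B"}, "carol": {"C"}}


def mode_allows(mode, owner, group, user, groups, want):
    """Classic Unix DAC check: owner bits if owner, else group bits if a member,
    else other bits. Exactly one class applies, so a member of the group owner
    never falls through to the 'other' bits even when those would grant more.
    (uid 0 bypass, NFS root_squash and ACLs are deliberately not modelled.)"""
    if user == owner:
        shift = 6
    elif group in groups:
        shift = 3
    else:
        shift = 0
    bits = (mode >> shift) & 0o7
    need = 0
    for w in want:
        need |= {"r": 4, "w": 2, "x": 1}[w]
    return bits & need == need


def can_access(path, user, want):
    """Every directory on the way to path needs 'x' (search) permission for this
    user; then the requested bits are checked on the final entry."""
    groups = USERS[user]
    parts = path.split("/")
    for i in range(1, len(parts)):
        mode, owner, group = TREE["/".join(parts[:i])]
        if not mode_allows(mode, owner, group, user, groups, "x"):
            return False
    mode, owner, group = TREE[path]
    return mode_allows(mode, owner, group, user, groups, want)


if __name__ == "__main__":
    f = "./No_C/A_RW-B_RO/file1"
    for u in USERS:
        print(u, "read:", can_access(f, u, "r"), "write:", can_access(f, u, "w"))
```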