Request: support anonuid and anongid in Azure Files NFS

Michael Grant 1 Reputation point
2021-09-05T14:56:34.327+00:00

One NFS pattern that I find very helpful is to use the "all_squash" pattern with a specific, nonzero UID/GID pair specified using "anonuid" and "anongid". For instance, I can use this in Kubernetes to provide a persistent storage mechanism that serves different subdirectories to each container, thus providing a physical form of access control. Because each container will launch as the same UID and GID, using "all_squash" eliminates any chance of accidental permissions corruption.

Currently, the NFS support for Azure Files supports the "all_squash" capability, but not the ability to specify anongid and anonuid. I would like to request that this be added!

Azure Files
Azure Files
An Azure service that offers file shares in the cloud.
1,223 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Michael Grant 1 Reputation point
    2021-09-06T03:22:06.857+00:00

    One more important note. One could argue: "Why not just use the UID and GID that NFS assigns by default?" But it turns out that the value it assigns falls outside of the range acceptable to Kubernetes, which means that I cannot add that GID to the container's supplementalGroups.