This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
One NFS pattern that I find very helpful is to use the "all_squash" pattern with a specific, nonzero UID/GID pair specified using "anonuid" and "anongid". For instance, I can use this in Kubernetes to provide a persistent storage mechanism that serves different subdirectories to each container, thus providing a physical form of access control. Because each container will launch as the same UID and GID, using "all_squash" eliminates any chance of accidental permissions corruption.
Currently, the NFS support for Azure Files supports the "all_squash" capability, but not the ability to specify anongid and anonuid. I would like to request that this be added!
@Michael Grant Thanks for raising this good question. I’m checking on this internally with the product team and will get back to you with something concrete. Apologies for the delay in responding here,
One more important note. One could argue: "Why not just use the UID and GID that NFS assigns by default?" But it turns out that the value it assigns falls outside of the range acceptable to Kubernetes, which means that I cannot add that GID to the container's supplementalGroups.
@Michael Grant I wish to engage with you offline for a closer look and provide a quick and specialized assistance, please send an email with subject line “Attn:subm” to AzCommunity[at]Microsoft[dot]com referencing this thread and the Azure subscription ID, I will follow-up with you. Once again, apologies for any inconvenience with this issue.
Thanks for your patience and co-operation.