4

I tried to follow the Ubuntu NFS4 documentation as closely as possible. My client machine is showing incorrect file ownerships.

This is my idmapd.conf file on both machines:

[General]

Verbosity = 0
Pipefs-Directory = /run/rpc_pipefs
Domain = localdomain

[Mapping]

Nobody-User = nobody
Nobody-Group = nogroup

[Translation]
Method=nsswitch

Yet, the client shows the ownership of files based on the numerical uid/gid instead of mapping the user and group names. I have the same user names on both machines, but the uids are not the same. So when I ls -l the directory on the client, it shows the files as owned by a different user which shares the same uid as the intended user on the server.

What am I doing wrong?

demersus
  • 143

1 Answer

3

The file looks correct; perhaps the idmapd daemon is not running on one of the machines (check with pgrep rpc.idmapd)?

Is the mount actually done with NFS4? Check the output of mount on the client.

It might be possible to block the idmapd daemon with the TCP wrapper. Do the files /etc/hosts.deny and /etc/hosts.allow exist and have any content?

Note that even if you get it to show the correct user names on the client, it will not work as you want. Whenever you try to access the files, the permission checking is done only with the numerical ids (without any translation between client and server). The translation is only done for the output of ls, not for the actual file accesses. So I guess you can stop trying at all, because this is probably not what you want.

The only solution for this is to sync the ids on client and server, or use Kerberos (which is very complex).

The source of my information is this bug report on Launchpad and this thread in the linux-nfsv4 mailing list.

  • 2
    Thank you Philipp, I was hoping idmapd would take care of the user translation without syncing the IDs. Oh well. At least I know for next time. At this point it would probably be wise for me to set up an LDAP directory to share users across my servers. – demersus Oct 29 '12 at 15:02
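
As an added example (not part of the question, answer or comment above): since the answer notes that permission checks use the numerical ids, a first step in syncing them is to find where server and client disagree. The script below compares two passwd-format listings; the function names, output labels and sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare account listings from an NFS server and a client.
# A uid that belongs to different names on the two hosts means files are
# accessed as the wrong user, not merely displayed wrongly.

# uid_mismatches SERVER_PASSWD CLIENT_PASSWD
# Prints one line per finding:
#   MISMATCH <name> server=<uid> client=<uid>     same name, different uid
#   COLLISION <uid> server=<name> client=<name>   same uid, different name
uid_mismatches() {
    awk -F: '
        /^#/ || NF < 3 { next }                      # skip comments and short lines
        FILENAME == ARGV[1] {                        # first file: index the server
            s_uid[$1] = $3; s_name[$3] = $1; next
        }
        ($1 in s_uid) && s_uid[$1] != $3 {
            printf "MISMATCH %s server=%s client=%s\n", $1, s_uid[$1], $3
        }
        ($3 in s_name) && s_name[$3] != $1 {
            printf "COLLISION %s server=%s client=%s\n", $3, s_name[$3], $1
        }
    ' "$1" "$2"
}

# Constructed sample data: alice and bob exist on both hosts with swapped uids.
sample_run() (
    d=$(mktemp -d)
    cat > "$d/server" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
EOF
    cat > "$d/client" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bob:x:1000:1000::/home/bob:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
EOF
    uid_mismatches "$d/server" "$d/client"
    rm -rf "$d"
)

sample_run
```

On real hosts, the two input files can be produced with `getent passwd > file` on each machine; the same comparison works for `getent group` output, where the gid is also the third field.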