From: Steve Dickson <SteveD@redhat.com>
To: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Neil Brown <neilb@suse.de>,
Trond Myklebust <trond.myklebust@fys.uio.no>,
Jim Rees <rees@umich.edu>,
Daniel.Muntz@emc.com, linux-nfs@vger.kernel.org
Subject: Re: numeric UIDs
Date: Fri, 13 Aug 2010 13:30:46 -0400 [thread overview]
Message-ID: <4C658146.90207@RedHat.com> (raw)
In-Reply-To: <20100813163156.GA16863@fieldses.org>
On 08/13/2010 12:31 PM, J. Bruce Fields wrote:
> On Fri, Aug 13, 2010 at 10:43:06AM -0400, Steve Dickson wrote:
>>
>>
>> On 08/11/2010 07:22 PM, Neil Brown wrote:
>>>
>>> I agree. And surely it can all be solved in idmapd.
>>>
>>> On the server, tell idmapd to map all users to "NUMERIC_USER:%d" and all
>>> groups to "NUMERIC_GROUP:%d" (or whatever) for some given clients (i.e. stop
>>> ignoring the 'authentication name'. And of course map those names back to
>>> numbers.
>>>
>>> I don't know if the client can easily differentiate based on which server it
>>> is talking to, but there is probably less need there (and maybe it can
>>> anyway).
>>>
>>> It shouldn't take more that half an hour to hack something into
>>> idmapd.c:nfsdcb() for the server side and nfscb for the client side - or
>>> for a quicker hack, just go directly to imconv and ignore the client name on
>>> the server. (all this in nfs-utils of course).
>> I took a look... and you are right it would not be that difficult to
>> hack something up... but would this only be a Linux to Linux thing?
>> Or am I missing something?
>
> There are four cases where translation can be done:
>
> Sending id from server to client (ls, stat, getacl):
> 1. server uid -> string
> 2. string -> client uid
> Sending id from client to server (chown, setacl):
> 3. client uid -> string
> 4. string -> client uid
>
> Cases 1 and 2 are uncontroversial. Definitely map ascii-fied integers
> in both of those cases.
Does "ascii-fied integers" mean "3606" (a mapping without the @domain part)?
>
> Case 4 violates the SHOULD on page 47. Which would make case 3 useless
> if all servers respect that SHOULD. I think we should ignore the SHOULD
> and implement 3 and 4 too, but Trond may not agree.
>
> I suppose we could make this all configurable, and then argue about what
> the defaults should be. If we implement all this in idmapd then that's
> easy.
I guess... I would think whatever make the v2/v3 to v4 transition
seamless would be the best default...
>
> I don't know what other clients and servers do. Probably 1 and 2 at
> least, but maybe it's something to check at the next bakeathon.
>
> Do we actually use an @-less "nobody" as suggested in the last
> paragraph? If not that might be something else to fix.
It appears we do... see idtonameres()....
steved.
next prev parent reply other threads:[~2010-08-13 17:31 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-08-03 2:01 numeric UIDs Victor Mataré
2010-08-03 16:43 ` Jim Rees
2010-08-03 19:22 ` J. Bruce Fields
2010-08-03 21:49 ` Daniel.Muntz
2010-08-03 21:57 ` Jim Rees
2010-08-03 22:15 ` Trond Myklebust
2010-08-03 22:23 ` J. Bruce Fields
2010-08-03 22:31 ` Trond Myklebust
2010-08-03 22:42 ` J. Bruce Fields
2010-08-04 2:02 ` Trond Myklebust
2010-08-04 17:06 ` David Brodbeck
2010-08-04 18:30 ` Andy Adamson
2010-08-04 21:32 ` David Brodbeck
2010-08-11 23:06 ` Neil Brown
2010-08-12 13:20 ` Andy Adamson
2010-08-11 23:10 ` Neil Brown
2010-08-05 15:34 ` J. Bruce Fields
2010-08-11 23:22 ` Neil Brown
2010-08-13 14:43 ` Steve Dickson
2010-08-13 16:31 ` J. Bruce Fields
2010-08-13 17:30 ` Steve Dickson [this message]
[not found] ` <4C658146.90207-AfCzQyP5zfLQT0dZR+AlfA@public.gmane.org>
2010-08-13 17:37 ` J. Bruce Fields
2010-08-13 18:43 ` Chuck Lever
2010-08-17 17:46 ` Tom Haynes
2010-08-17 18:18 ` J. Bruce Fields
2010-08-17 18:43 ` Tom Haynes
2010-08-17 18:49 ` J. Bruce Fields
2010-08-17 19:21 ` J. Bruce Fields
[not found] ` <4C6559FA.5070809-AfCzQyP5zfLQT0dZR+AlfA@public.gmane.org>
2010-08-16 8:30 ` Neil Brown
2010-08-13 14:40 ` Steve Dickson
2010-08-03 19:22 ` J. Bruce Fields
2010-08-17 17:48 ` Tom Haynes
2010-08-17 18:24 ` J. Bruce Fields
2010-08-17 19:00 ` Tom Haynes
2010-08-17 20:08 ` David Brodbeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4C658146.90207@RedHat.com \
--to=steved@redhat.com \
--cc=Daniel.Muntz@emc.com \
--cc=bfields@fieldses.org \
--cc=linux-nfs@vger.kernel.org \
--cc=neilb@suse.de \
--cc=rees@umich.edu \
--cc=trond.myklebust@fys.uio.no \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.