From: Steve Dickson <SteveD@redhat.com>
To: Christian Seiler <christian@iwakd.de>
Cc: linux-nfs@vger.kernel.org
Subject: Re: [PATCH] libnfsidmap: respect Nobody-User/Nobody-Group
Date: Wed, 13 Aug 2014 15:09:57 -0400 [thread overview]
Message-ID: <53EBB805.6070006@RedHat.com> (raw)
In-Reply-To: <603dd17035c81999c99b9020b65d8768@iwakd.de>
On 08/13/2014 01:45 PM, Christian Seiler wrote:
> No problem. To be honest, I completely forgot about this patch
> myself, because I wrote this patch when I tried to switch from
> idmapd to nfsidmap, but after I had some problems with that, I
> kind of switched back to idmapd, and then kind of put the whole
> thing to the back of my mind.
>
> But perhaps you can give me a couple of pointers on how to
> best debug the issue I had with nfsidmap:
>
> - nsswitch translation for idmapping, nss_ldapd
I'm not sure what you are asking...
> - nfsv4 sec=krb5 mount (mounted via autofs)
So your saying krb5 v4 mounts don't work via autofs and
its because idmapping??
> - no krb5 ticket: ls doesn't even work (permission denied)
> (this is expected, not a bug)
> - with krb5 ticket: ls -l shows correct directory contents,
> with correct user/group ownership (translation nfs4 ->
> uid/gid via nfsidmap and then uid/gid -> local names via
> getpwnam works)
And what's the problem?
> - accessing files owned by myself but that are not group/other
> readable doesn't work (permission denied)
hmm... this sound like a bug...
> - writing to files / directories on which I have write
> permission (but no other write permission) doesn't work
Is the execute bit on?
> - nfsv4 sec=sys mounts don't have this problem
>
> To me this appears to be a problem that while uids/gids are
> correctly mapped when getting data from the server, they are
> not mapped properly when sending requests to the server, so
> that it always falls back to nobody, therefore giving me
> insufficient permissions.
>
> The problem doesn't occur with rpc.idmapd (and disabled
> nfsidmap).
This is very odd...
>
> My question would be whether there is an easy way to debug this?
> I tried to have a look at the kernel nfs4 client code / the
> interaction with idmap, but I just don't know enough about that
> area of the kernel to really see through the logic.
set the Verbosity = 9 in /etc/idmapd.conf the look
in /var/log/messages for the output...
steved.
next prev parent reply other threads:[~2014-08-13 19:10 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-03 11:17 [PATCH] libnfsidmap: respect Nobody-User/Nobody-Group Christian Seiler
2014-08-13 16:45 ` Steve Dickson
2014-08-13 17:45 ` Christian Seiler
2014-08-13 19:09 ` Steve Dickson [this message]
2014-08-14 19:37 ` Benjamin Coddington
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53EBB805.6070006@RedHat.com \
--to=steved@redhat.com \
--cc=christian@iwakd.de \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.