From: Steve Dickson <SteveD@redhat.com>
To: Chuck Lever <chuck.lever@oracle.com>
Cc: Anna Schumaker <schumakeranna@gmail.com>,
Linux NFS Mailing List <linux-nfs@vger.kernel.org>
Subject: Re: managing the system's NFSv4 domain name
Date: Thu, 30 Jul 2015 14:29:13 -0400 [thread overview]
Message-ID: <55BA6CF9.7080505@RedHat.com> (raw)
In-Reply-To: <CF4DF6BD-CACC-4C75-98CF-DE5E26F10AE7@oracle.com>
Hey Chuck
On 07/30/2015 11:17 AM, Chuck Lever wrote:
>>> >> Does it make sense to extend the nfsidmap command to display and
>>> >> modify the NFSv4 domain name?
>> > I would think so... All the tools (aka conf_XXX() calls) are there
>> > and I think it would be relatively simple...
> Any opinions about what command line options to use? How about:
>
> To view: nfsidmap -D
>
> To update: [sudo] nfsidmap -U new.domain.name
Just curious as to why upcase... I was thinking -s / -d domain.name
no big deal... either way is fine...
>
> On the client, updating the domain name requires "nfsidmap -c"
> to clear the kernel idmap keyring. That can be built in to -U.
That makes sense... as long as its documented...
>
> On the server, I guess restarting rpc.idmapd would also be
> required. Would be nice if server and client idmapping both used
> request-key.
I totally agree with this... Since the default on the server is
to use uid/gid strings instead of name@domain strings it not
clear how much the new up-call would be used.
>
>
>> > Another thing I always thought would be nice is a way
>> > to show the existing uid/gid keys in a human format.
>> > Now to see what keys exist one has to cat /proc/keys
>> > which is not very readable...
> Or use keyctl.
>
> Either works for debugging and development, but neither are
> appropriate as an administrative interface, IMO.
Probably... but admin are curious people they might
find some use for the interface.
>
> Something like "nfsidmap -l" would be simple, and could show
> both legacy and id_resolv keys, if we like.
Perfect!
>
> Btw, it looks like most recent kernels ignore the "-t" option.
> It should be fixed or removed.
I guess we could deprecate it. Its not clear how that was ever
used in the first place... I just added because I could... ;-)
steved.
next prev parent reply other threads:[~2015-07-30 18:29 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-30 2:28 managing the system's NFSv4 domain name Chuck Lever
2015-07-30 13:39 ` Steve Dickson
2015-07-30 15:17 ` Chuck Lever
2015-07-30 18:29 ` Steve Dickson [this message]
2015-07-30 18:44 ` Chuck Lever
2015-07-30 20:05 ` Chuck Lever
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55BA6CF9.7080505@RedHat.com \
--to=steved@redhat.com \
--cc=chuck.lever@oracle.com \
--cc=linux-nfs@vger.kernel.org \
--cc=schumakeranna@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.