[PATCH 0/2] nfsidmap: Allow admins to clean up id mappings that have failed

linux-nfs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Steve Dickson <steved@redhat.com>
To: Linux NFS Mailing List <linux-nfs@vger.kernel.org>
Subject: [PATCH 0/2] nfsidmap: Allow admins to clean up id mappings that have failed
Date: Thu, 17 Nov 2011 15:26:01 -0500	[thread overview]
Message-ID: <1321561563-5862-1-git-send-email-steved@redhat.com> (raw)

In working with the new idmapper, it became very apparent that
keys created from bad id mapping were very persistent and were
not easy disposed of. Unlike with rpc.idmapd, to git rid 
of bad id mapping one just needed to restart the daemon. 

So I've added some functionality to the nfsidmap command
that will allow admins to:

    - remove all the keys on the keyring.
    - remove a particular key from the keying.

The intention is to allow admins a way to clean up the id
name space when name resolution mechanisms, like NIS or LDAP, 
fail and leave a large number (or small number) of id mapping 
pointing to nobody. 

Note, for the second patch to work, there need to be a small 
kernel patch that will change the per-key permissions to
allow root to revoke them.

Steve Dickson (2):
  nfsidmap: Allow all keys to clear on the keyring
  nfsidmap: Allow a particular key to be revoked.

 utils/nfsidmap/nfsidmap.c   |  138 +++++++++++++++++++++++++++++++++++++++++--
 utils/nfsidmap/nfsidmap.man |   27 ++++++++-
 2 files changed, 159 insertions(+), 6 deletions(-)

-- 
1.7.7

next             reply	other threads:[~2011-11-17 20:26 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-11-17 20:26 Steve Dickson [this message]
2011-11-17 20:26 ` [PATCH 1/2] nfsidmap: Allow all keys to clear on the keyring Steve Dickson
2011-11-17 20:36   ` Tigran Mkrtchyan
2011-11-17 21:36     ` Steve Dickson
2011-11-17 20:26 ` [PATCH 2/2] nfsidmap: Allow a particular key to be revoked Steve Dickson
2011-11-17 20:34   ` Tigran Mkrtchyan
2011-11-17 21:36     ` Steve Dickson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1321561563-5862-1-git-send-email-steved@redhat.com \
    --to=steved@redhat.com \
    --cc=linux-nfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).