--- util-linux-2.12/mount/nfs.5.okir 2004-03-22 16:26:31.000000000 +0100 +++ util-linux-2.12/mount/nfs.5 2004-03-22 16:43:38.000000000 +0100 @@ -213,10 +213,45 @@ NFS version 3. (On NFS version 2 filesystems this option has no effect.) This option also deactivates the GETACL and SETACL remote procedure calls which are otherwise used to manipulate ACLs. +.TP 1.5i +.I broken_suid +This option tries to help applications that are a little careless +in dealing with effective vs real user and group ID. See below in +section +.IR "NFS Authentication" . .P All of the non-value options have corresponding nooption forms. For example, nointr means don't allow file operations to be interrupted. +.SS NFS Authentication +NFS currently supports only the AUTH_SYS RPC authentication flavor, +which basically transmits the user's user and group ID to the server, +along with the list of supplementary groups. However, this doesn't +transport the full set of user credentials to the server, so that some +operations may fail with a permission error, which would have succeeded +on a local file system. +.P +One limitation of AUTH_SYS authentication is that not the full set of +user and group ids are transmitted. By default, only the fsuid and fsgid +and the auxiliary group vector are transmitted. (fsuid and fsgid mostly +reflect the effective uid and gid, but can differ in special cases, +see +.BR setfsuid (2) +for details). +.P +If this behavior causes certain applications to break, it may help to +enable the +.B broken_suid +mount option. This tells the NFS client to retry an operation with +the real uid and gid if it fails using the fsuid and fsgid. +.P +Another common problem occurs when users have a large number of +auxiliary groups. The AUTH_SYS flavor limits the number of auxiliary +groups that can be transmitted to 16. Additional groups are simply +ignored, and may cause operations to fail which would otherwise be +allowed based on the user's group membership. +The only fix for this problem is to limit the number of groups the user +is part of. .SH FILES .I /etc/fstab .SH "SEE ALSO" @@ -224,11 +259,7 @@ .SH AUTHOR "Rick Sladkey" .SH BUGS -The posix, and nocto options are parsed by mount -but currently are silently ignored. -.P -The tcp and namlen options are implemented but are not currently -supported by the Linux kernel. +The posix option is parsed by mount but is currently ignored by the kernel. .P The umount command should notify the server when an NFS filesystem is unmounted.