linux-nfs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "J. Bruce Fields" <bfields@fieldses.org>
To: Steve Dickson <SteveD@redhat.com>
Cc: Neil Brown <neilb@suse.de>,
	Trond Myklebust <trond.myklebust@fys.uio.no>,
	Jim Rees <rees@umich.edu>,
	Daniel.Muntz@emc.com, linux-nfs@vger.kernel.org
Subject: Re: numeric UIDs
Date: Fri, 13 Aug 2010 12:31:56 -0400	[thread overview]
Message-ID: <20100813163156.GA16863@fieldses.org> (raw)
In-Reply-To: <4C6559FA.5070809@RedHat.com>

On Fri, Aug 13, 2010 at 10:43:06AM -0400, Steve Dickson wrote:
> 
> 
> On 08/11/2010 07:22 PM, Neil Brown wrote:
> > 
> > I agree.  And surely it can all be solved in idmapd.
> > 
> > On the server, tell idmapd to map all users to "NUMERIC_USER:%d" and all
> > groups to "NUMERIC_GROUP:%d" (or whatever) for some given clients (i.e. stop
> > ignoring the 'authentication name'.  And of course map those names back to
> > numbers.
> > 
> > I don't know if the client can easily differentiate based on which server it
> > is talking to, but there is probably less need there (and maybe it can
> > anyway).
> > 
> > It shouldn't take more that half an hour to hack something into
> > idmapd.c:nfsdcb() for the server side and nfscb for the client side - or
> > for a quicker hack, just go directly to imconv and ignore the client name on
> > the server.  (all this in nfs-utils of course).
> I took a look... and you are right it would not be that difficult to
> hack something up... but would this only be a Linux to Linux thing? 
> Or am I missing something?

There are four cases where translation can be done:

	Sending id from server to client (ls, stat, getacl):
		1. server uid -> string
		2. string -> client uid
	Sending id from client to server (chown, setacl):
		3. client uid -> string
		4. string -> client uid

Cases 1 and 2 are uncontroversial.  Definitely map ascii-fied integers
in both of those cases.

Case 4 violates the SHOULD on page 47.  Which would make case 3 useless
if all servers respect that SHOULD.  I think we should ignore the SHOULD
and implement 3 and 4 too, but Trond may not agree.

I suppose we could make this all configurable, and then argue about what
the defaults should be.  If we implement all this in idmapd then that's
easy.

I don't know what other clients and servers do.  Probably 1 and 2 at
least, but maybe it's something to check at the next bakeathon.

Do we actually use an @-less "nobody" as suggested in the last
paragraph?  If not that might be something else to fix.

--b.

  reply	other threads:[~2010-08-13 16:33 UTC|newest]

Thread overview: 35+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-08-03  2:01 numeric UIDs Victor Mataré
2010-08-03 16:43 ` Jim Rees
2010-08-03 19:22   ` J. Bruce Fields
2010-08-03 21:49     ` Daniel.Muntz
2010-08-03 21:57       ` Jim Rees
2010-08-03 22:15         ` Trond Myklebust
2010-08-03 22:23           ` J. Bruce Fields
2010-08-03 22:31             ` Trond Myklebust
2010-08-03 22:42               ` J. Bruce Fields
2010-08-04  2:02                 ` Trond Myklebust
2010-08-04 17:06                   ` David Brodbeck
2010-08-04 18:30                     ` Andy Adamson
2010-08-04 21:32                       ` David Brodbeck
2010-08-11 23:06                         ` Neil Brown
2010-08-12 13:20                           ` Andy Adamson
2010-08-11 23:10                     ` Neil Brown
2010-08-05 15:34                   ` J. Bruce Fields
2010-08-11 23:22                     ` Neil Brown
2010-08-13 14:43                       ` Steve Dickson
2010-08-13 16:31                         ` J. Bruce Fields [this message]
2010-08-13 17:30                           ` Steve Dickson
     [not found]                             ` <4C658146.90207-AfCzQyP5zfLQT0dZR+AlfA@public.gmane.org>
2010-08-13 17:37                               ` J. Bruce Fields
2010-08-13 18:43                           ` Chuck Lever
2010-08-17 17:46                             ` Tom Haynes
2010-08-17 18:18                               ` J. Bruce Fields
2010-08-17 18:43                                 ` Tom Haynes
2010-08-17 18:49                                   ` J. Bruce Fields
2010-08-17 19:21                                     ` J. Bruce Fields
     [not found]                         ` <4C6559FA.5070809-AfCzQyP5zfLQT0dZR+AlfA@public.gmane.org>
2010-08-16  8:30                           ` Neil Brown
2010-08-13 14:40                 ` Steve Dickson
2010-08-03 19:22 ` J. Bruce Fields
2010-08-17 17:48   ` Tom Haynes
2010-08-17 18:24     ` J. Bruce Fields
2010-08-17 19:00       ` Tom Haynes
2010-08-17 20:08         ` David Brodbeck

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20100813163156.GA16863@fieldses.org \
    --to=bfields@fieldses.org \
    --cc=Daniel.Muntz@emc.com \
    --cc=SteveD@redhat.com \
    --cc=linux-nfs@vger.kernel.org \
    --cc=neilb@suse.de \
    --cc=rees@umich.edu \
    --cc=trond.myklebust@fys.uio.no \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).