From: "J. Bruce Fields" <bfields@fieldses.org>
To: Tom Haynes <tdh@excfb.com>
Cc: "Chuck Lever" <chuck.lever@oracle.com>,
"Steve Dickson" <SteveD@redhat.com>, "Neil Brown" <neilb@suse.de>,
"Trond Myklebust" <trond.myklebust@fys.uio.no>,
"Jim Rees" <rees@umich.edu>,
Daniel.Muntz@emc.com, linux-nfs@vger.kernel.org, nfsv4@ietf.org,
"Victor Mataré" <dreck@vmsd.ath.cx>
Subject: Re: numeric UIDs
Date: Tue, 17 Aug 2010 15:21:32 -0400 [thread overview]
Message-ID: <20100817192132.GC26609@fieldses.org> (raw)
In-Reply-To: <20100817184910.GB26609@fieldses.org>
Tom Haynes said:
> > While various ways pop to mind to hack this up, why not bring it up
> > to the working group and get consensus? Perhaps whomever struck down
> > Jim Rees will recall why it is such a bad idea and convince us all
> > to stay away from it. Or perhaps after years of enduring customers
> > who can't do the above, they will capitulate.
Adding nfsv4 list to the cc.
So, to summarize: every now and then somebody asks why the Linux NFSv4
implementation doesn't allow (ascii-encoded) numerical uid's and gid's;
most recently:
> On Tue, Aug 03, 2010 at 04:01:32AM +0200, Victor Mataré wrote:
>> I still hope I'm mistaken in assuming I have to go back to NFSv3 if I
>> want to skip NFSv4 UID mapping altogether and just use the numeric
>> UIDs the way they're stored on-disk....
They went on to describe a situation (apparently hypothetical) where NFS
is used to perform backups of a filesystem when the server storing the
backup (and maybe even the client performing the backup) lack mappings
referred to by the filesystem.
This is a use case that would work over v3 but likely not v4, as v4
implementors are advised against allowing this on page 47 of rfc 3530:
> > To avoid this mechanism being used to subvert user and
> > group translation, so that a client might pass all of the owners and
> > groups in numeric form, a server SHOULD return an NFS4ERR_BADOWNER
> > error when there is a valid translation for the user or owner
> > designated in this way. In that case, the client must use the
> > appropriate name@domain string and not the special form for
> > compatibility.
String uid's have advantages, but I've been arguing that:
> > >In the case of a user upgrading from NFSv3 to NFSv4, that's the behavior
> > >they've always had, so presumably they can live with it. I'd prefer to
> > >avoid situations where something that previously worked over v3 fails
> > >when you upgrade the protocol version.
> > >
> > >I assume that most users arrive at NFSv4 by an upgrade from a previous
> > >version of NFS.
> > >
> > >So my priorities would be 1) to ensure the NFSv3->NFSv4 upgrade goes
> > >smoothly, then 2) to make it easy for users to switch from ids to
> > >strings, rather than forcing both at once.
So the question is whether there's still consensus for that SHOULD.
As Tom says:
> > I'd say that problem breaks down to being able to correctly
> > configure your id domain or to allowing a server which is not
> > connected to NIS/LDAP to be able to accept random users. With
> > NFSv3, a server will happily serve up data in these situations.
So I suppose it comes down in part to a question of whether users of the
various implementations have actually seen these problems in practice
and, if so, whether diagnosing the problem, and setting up the required
mapping, has been an obstacle to NFSv4 adoption.
--b.
next prev parent reply other threads:[~2010-08-17 19:23 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-08-03 2:01 numeric UIDs Victor Mataré
2010-08-03 16:43 ` Jim Rees
2010-08-03 19:22 ` J. Bruce Fields
2010-08-03 21:49 ` Daniel.Muntz
2010-08-03 21:57 ` Jim Rees
2010-08-03 22:15 ` Trond Myklebust
2010-08-03 22:23 ` J. Bruce Fields
2010-08-03 22:31 ` Trond Myklebust
2010-08-03 22:42 ` J. Bruce Fields
2010-08-04 2:02 ` Trond Myklebust
2010-08-04 17:06 ` David Brodbeck
2010-08-04 18:30 ` Andy Adamson
2010-08-04 21:32 ` David Brodbeck
2010-08-11 23:06 ` Neil Brown
2010-08-12 13:20 ` Andy Adamson
2010-08-11 23:10 ` Neil Brown
2010-08-05 15:34 ` J. Bruce Fields
2010-08-11 23:22 ` Neil Brown
2010-08-13 14:43 ` Steve Dickson
2010-08-13 16:31 ` J. Bruce Fields
2010-08-13 17:30 ` Steve Dickson
[not found] ` <4C658146.90207-AfCzQyP5zfLQT0dZR+AlfA@public.gmane.org>
2010-08-13 17:37 ` J. Bruce Fields
2010-08-13 18:43 ` Chuck Lever
2010-08-17 17:46 ` Tom Haynes
2010-08-17 18:18 ` J. Bruce Fields
2010-08-17 18:43 ` Tom Haynes
2010-08-17 18:49 ` J. Bruce Fields
2010-08-17 19:21 ` J. Bruce Fields [this message]
[not found] ` <4C6559FA.5070809-AfCzQyP5zfLQT0dZR+AlfA@public.gmane.org>
2010-08-16 8:30 ` Neil Brown
2010-08-13 14:40 ` Steve Dickson
2010-08-03 19:22 ` J. Bruce Fields
2010-08-17 17:48 ` Tom Haynes
2010-08-17 18:24 ` J. Bruce Fields
2010-08-17 19:00 ` Tom Haynes
2010-08-17 20:08 ` David Brodbeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100817192132.GC26609@fieldses.org \
--to=bfields@fieldses.org \
--cc=Daniel.Muntz@emc.com \
--cc=SteveD@redhat.com \
--cc=chuck.lever@oracle.com \
--cc=dreck@vmsd.ath.cx \
--cc=linux-nfs@vger.kernel.org \
--cc=neilb@suse.de \
--cc=nfsv4@ietf.org \
--cc=rees@umich.edu \
--cc=tdh@excfb.com \
--cc=trond.myklebust@fys.uio.no \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).