1

I want to switch from NFSv3 to NFSv4 and have a problem with NFSv4 user mapping because on some systems well known uids have been assigned to normal users.

For a description of the setup please see below.

The question is how can I enforce that the mounted directory belongs to the real uid 33 instead of uid 1000.

Storage

/mnt/web_dir belongs to user www-data (uid 33).

Webserver

  • storage:/mnt/web_dir is mounted to /var/www
  • user www-data has uid 33

Management Server

  • storage:/mnt/web_dir is mounted to /mnt/web_dir
  • user www-data has uid 1000
  • user admin has uid 33

Now the problem is that uids and usernames are being mixed up on the admin server and not the real uid is being displayed. This is giving problems with rsync for example.

Local Directory on NFS-Storage

root@stor /mnt/web_dir $ ls -la
total 8
drwxr-xr-x 2 root     root     4096 Jul  3 14:01 .
drwxr-xr-x 4 root     root     4096 Jul  3 14:01 ..
-rw-r--r-- 1 www-data www-data    0 Jul  3 14:01 index.html

root@stor /mnt/web_dir $ id -u www-data
33

NFS-mounted Directory on Admin Server

root@admin /mnt/webdir $ ls -lah
insgesamt 8,0K
drwxr-xr-x 2 root     root     4,0K Jul  3 13:43 .
drwxr-xr-x 6 root     root     4,0K Jul  3 13:43 ..
-rw-r--r-- 1 www-data www-data    0 Jul  3 13:43 testfile

root@admin /mnt/web_dir $ id -u www-data
1000

root@admin /mnt/web_dir $ ls -ln
insgesamt 0
-rw-r--r-- 1 1000 1000 0 Jul  3 13:43 testfile

The configuration is as follows:

root@admin / $ cat /proc/mounts
storage:/mnt/web_dir /var/www nfs4 rw,relatime,vers=4,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=10.x.x.x,minorversion=0,local_lock=none,addr=10.x.x.x 0 0

and

root@stor / $ exportfs -v
/mnt/web_dir
        10.x.x.x(rw,async,wdelay,no_root_squash,no_subtree_check)

and

root@admin /mnt/web_dir $ cat /etc/idmapd.conf 
[General]

Verbosity = 0
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
# set your own domain here, if id differs from FQDN minus hostname
# Domain = localdomain

[Mapping]

Nobody-User = nobody
Nobody-Group = nogroup

and

root@admin /mnt/web_dir $ dpkg -l | grep nfs
ii  libnfsidmap2:amd64                    0.25-4                        amd64        NFS idmapping library
ii  nfs-common                            1:1.2.6-4                     amd64        NFS support files common to client and server


root@stor / $ dpkg -l | grep nfs
ii  libnfsidmap2:amd64               0.25-4                        amd64        NFS idmapping library
ii  nfs-common                       1:1.2.6-4                     amd64        NFS support files common to client and server
ii  nfs-kernel-server                1:1.2.6-4                     amd64        support for NFS kernel server

Apparently the versions do matter, because I have tested the setup with Debian Jessie and the real uids are being passed to the nfs4 client. However, the problematic servers have Debian 7 and are up to date.

I appreciate any help. Thank you!

Improve this question

1 Answer 1

Reset to default
2

The problem here is that the highest activated NFS version is NFS 4.0

root@stor / $ cat /proc/fs/nfsd/versions 
+2 +3 +4 -4.1

Therefore, When the client is connecting NFS 4.0 (or minorversion=0) is the default version.

The solution is actually to mount the directory with option minorversion=1

root@admin / $ cat /proc/mounts
storage:/mnt/web_dir /var/www nfs4 rw,relatime,vers=4,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=10.x.x.x,minorversion=1,local_lock=none,addr=10.x.x.x 0 0
Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.