Wrong user mapping in a NFS share. Is idmap broken or just configured wrong?

I have a Server (Debian) that is serving some folders through NFS and a Client (Debian) that connects to the NFS Server (with NFSv4) and mounts that exported folder. So far everything is fine, I can connect and modify the content of the folders. But the users are completely messed up. From what I understand this is due to NFS using the UIDs to set the permissions, and as the UIDs of the users from the Client and the Server differ, then this happens, which is still expected. But from what I understood, by enabling NFSv4, IDMAPD should kick in and use the username instead of the UIDs. The users do exist on the Server and Client side, they just have different UIDs. But for whatever reason IDMAPD doesn't work or doesn't seem to do anything.



So here is what I've done so far:



On Server Side:



  • installed nfs-kernel-server

  • populated the /etc/exports with the proper export settings --> /rfolder ip/24(rw,sync,no_subtree_check,no_root_squash)

  • and changed /etc/default/nfs-common to have NEED_IDMAPD=yes

On the Client Side



  • installed nfs-common

  • and changed /etc/default/nfs-common to have NEED_IDMAPD=yes

  • and mount the folder with "mount -t nfs4 ip:/rfolder /media/lfolder"

Rebooted and restarted both several times, but still nothing. When I create from the Server a folder with user A, on the Client I see that the folder owner is some user X. When I create a file from the Client with user A, on the Server side it says it's from some user Y.



I checked with HTOP that the rpc.idmap process is running on the Server and it is indeed. Although on the Client it doesn't appear to be running. By trying to manually start the service on the Client I just got an error message stating that IDMAP requires the nfs-kernel-server dependency to run. So I installed it on the Client side, and now I have the rpc.idmap process running on both Client and Server. Restarted both, and the issue still persists.



Any idea what is wrong here? Or how to configure this properly?

asked Apr 20 at 13:28
Robert Koszewski

1 Answer

It is fairly well known and documented behaviour. If you have different users on the server side and the client side who share the same UID, the files will appear to have different owners.

Besides shared files, it is advisable to take care to map the users with the same ID on all machines sharing the same filesystems.

You can do it manually, with some minimal automation/scripting system, or, better yet, by setting up centralized authentication, for instance with LDAP. See Centralized authentication using OpenLDAP.

answered Apr 20 at 18:55
Rui F Ribeiro

• I'm aware that this is a known way of how NFSv3 and older work. But this is supposedly solved in NFSv4 which comes with IDMAP which should map the usernames independently of the UID of each system. So I'd like to go the official way rather than hacking around and manually synchronizing the UIDs (Who knows if something else is not using the UID on that system?) or working around with LDAP. LDAP is not an option anyway because the systems are connected through a VPN, so a permanent connection is never guaranteed.
  – Robert Koszewski
  Apr 21 at 10:40















