
On 28/03/12 10:58, Toby Corkindale wrote:
Hi, I'm struggling to get the idmapd component of NFSv4 mounts on Linux (Debian Squeeze) to work properly. However, it's a different kind of problem to the common issue everyone has with it on the internet, so Googling isn't getting me very far :(
idmapd is running on all servers concerned, and with the verbosity turned up to the max, syslog indicates it seems to be getting called with expected values.
It seems to be working on the surface, in that if you 'ls' in a directory, it has correctly mapped the users and groups over to the local ones, so they match up.
i.e. if toby has uid=1000 on one server and uid=1001 on another, then looking at the files on both servers will show the owner to be toby.
However, actually attempting to manipulate/access files or directories fails with "Permission denied" errors. If I fudge the uid on one server to use the uid that I know is actually in use on the other server, then I can access the file... but an "ls" will show it to be owned by another user.
So in other words, reads seem to be using the idmapping, but writes seem to be bypassing it.
To illustrate the problem, see the commands below. They show that the "postie" user has uid 2012, and that a given directory has the same 2012 uid with write permission. However, actually attempting to write to it results in a Permission Denied error.

    root@nfstest:~# getent passwd postie
    postie:x:2012:2012::/home/postie:/bin/sh
    root@nfstest:~# su - postie
    $ cd /srv/test
    $ ls -l
    drwxr-xr-x 2 postie root 4096 Mar 28 11:04 post
    $ ls -l --numeric-uid-gid
    drwxr-xr-x 2 2012 0 4096 Mar 28 11:04 post
    $ touch post/foo
    touch: cannot touch `post/foo': Permission denied

I have now gone to the NFS server, and changed the ownership of the directory to be the exact uid of the user on the client. As these commands show, the client now reports the directory as owned by nobody, yet despite this, writing to the directory succeeds.

    $ ls -l
    drwxr-xr-x 2 nobody root 4096 Mar 28 11:04 post
    $ ls -ln
    drwxr-xr-x 2 65534 0 4096 Mar 28 11:04 post
    $ touch post/foo # succeeds!