NFS v4 mounts and bizarro id mapping

Hi,

I'm struggling to get the idmapd component of NFSv4 mounts on Linux (Debian Squeeze) to work properly. However, it's a different kind of problem to the common issue everyone has with it on the internet, so Googling isn't getting me very far :(

idmapd is running on all servers concerned, and with the verbosity turned up to the max, syslog indicates it seems to be getting called with expected values.

It seems to be working on the surface, in that if you 'ls' in a directory, it has correctly mapped the users and groups over to the local ones, so they match up.

i.e. if toby has uid=1000 on one server and uid=1001 on another, then looking at the files on both servers will show the owner to be toby.

However, actually attempting to manipulate/access files or directories fails with "Permission denied" errors. If I fudge the uid on one server to use the uid that I know is actually in use on the other server, then I can access the file.. but a "ls" will show it to be owned by another user.

So in other words, reads seem to be using the idmapping, but writes seem to be bypassing it.

Any suggestions?

Thanks in advance,
Toby

On 28/03/12 10:58, Toby Corkindale wrote:
> Hi, I'm struggling to get the idmapd component of NFSv4 mounts on Linux (Debian Squeeze) to work properly. However, it's a different kind of problem to the common issue everyone has with it on the internet, so Googling isn't getting me very far :(
> idmapd is running on all servers concerned, and with the verbosity turned up to the max, syslog indicates it seems to be getting called with expected values.
> It seems to be working on the surface, in that if you 'ls' in a directory, it has correctly mapped the users and groups over to the local ones, so they match up.
> i.e. if toby has uid=1000 on one server and uid=1001 on another, then looking at the files on both servers will show the owner to be toby.
> However, actually attempting to manipulate/access files or directories fails with "Permission denied" errors. If I fudge the uid on one server to use the uid that I know is actually in use on the other server, then I can access the file.. but a "ls" will show it to be owned by another user.
> So in other words, reads seem to be using the idmapping, but writes seem to be bypassing it.

To illustrate the problem, see the commands below. They show that the "postie" user has uid 2012, and that a given directory has the same 2012 uid with write permission. However actually attempting to write to it results in a Permission Denied error.

root@nfstest:~# getent passwd postie
postie:x:2012:2012::/home/postie:/bin/sh
root@nfstest:~# su - postie
$ cd /srv/test
$ ls -l
drwxr-xr-x 2 postie root 4096 Mar 28 11:04 post
$ ls -l --numeric-uid-gid
drwxr-xr-x 2 2012 0 4096 Mar 28 11:04 post
$ touch post/foo
touch: cannot touch `post/foo': Permission denied

I have now gone to the NFS server, and changed the ownership of the directory to be the exact uid of the user on the client. As these commands show, the client now reports the directory as owned by nobody, yet despite this, writing to the directory succeeds.

$ ls -l
drwxr-xr-x 2 nobody root 4096 Mar 28 11:04 post
$ ls -ln
drwxr-xr-x 2 65534 0 4096 Mar 28 11:04 post
$ touch post/foo # succeeds!
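
A check for the condition this thread describes (the same user name resolving to different numeric uids on client and server), as an added example that is not part of any post in the thread. It compares two `getent passwd` dumps and also reports the case Toby observed, where a client uid belongs to a different account name on the server. The function names `uid_drift` and `demo`, the file names, and the sample passwd entries (including the `spool` account) are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread: compare `getent passwd` output taken on
# an NFS client and on the NFS server and report accounts whose numeric uid
# does not line up between the two hosts.

# uid_drift CLIENT_PASSWD SERVER_PASSWD
# Prints one sorted line per finding:
#   MISMATCH <name> <client_uid> <server_uid>   same name, different uid
#   ALIAS <client_name> <uid> <server_name>     client uid is another account on the server
uid_drift() {
    awk -F: '
        NR == FNR { c_uid[$1] = $3; next }       # first file: client accounts
        { s_uid[$1] = $3; s_name[$3] = $1 }      # second file: server accounts
        END {
            for (n in c_uid) {
                u = c_uid[n]
                if ((n in s_uid) && s_uid[n] != u)
                    print "MISMATCH", n, u, s_uid[n]
                if ((u in s_name) && s_name[u] != n)
                    print "ALIAS", n, u, s_name[u]
            }
        }' "$1" "$2" | sort
}

# demo: run uid_drift over constructed sample data (not real hosts).
demo() {
    d=$(mktemp -d) || return 1
    # Constructed client dump: toby is uid 1000 here.
    printf '%s\n' 'toby:x:1000:1000::/home/toby:/bin/sh' \
                  'postie:x:2012:2012::/home/postie:/bin/sh' > "$d/client"
    # Constructed server dump: toby is uid 1001, and uid 1000 is "spool".
    printf '%s\n' 'toby:x:1001:1001::/home/toby:/bin/sh' \
                  'spool:x:1000:1000::/var/spool:/bin/sh' \
                  'postie:x:2012:2012::/home/postie:/bin/sh' > "$d/server"
    uid_drift "$d/client" "$d/server"
    rm -rf "$d"
}

demo
```

An `ALIAS` line marks the case to review first: the client-side user presents a uid that the server assigns to a different account.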

On 28/03/12 15:45, Jason White wrote:
>> Toby Corkindale <toby.corkindale@strategicdata.com.au> wrote:
>> Any suggestions?
> Submit a bug report.

Ah OK, so there's nothing you can see that I'm doing wrong then? Thanks for checking it over.

Bug report now submitted to the nfs-linux.org bugzilla. It doesn't look very active - my report was #266. Hmm :/

Toby

Toby Corkindale wrote:
> On 28/03/12 15:45, Jason White wrote:
>> Toby Corkindale <toby.corkindale@strategicdata.com.au> wrote:
>>> Any suggestions?
>> Submit a bug report.
> Ah OK, so there's nothing you can see that I'm doing wrong then? Thanks for checking it over.
> Bug report now submitted to the nfs-linux.org bugzilla. It doesn't look very active - my report was #266. Hmm :/

In Debian, unless I already have an established relationship with upstream, I usually submit the report to debbugs. Of course, this approach falls apart if the DD is AWOL or not on speaking terms with upstream...

On 28 March 2012 16:40, Toby Corkindale <toby.corkindale@strategicdata.com.au> wrote:
> Bug report now submitted to the nfs-linux.org bugzilla. It doesn't look very active - my report was #266.

Apologies for digging up an old thread, but for posterity's sake this was actually #226
https://bugzilla.linux-nfs.org/show_bug.cgi?id=226

--
Joel Shea <jwshea@gmail.com>

participants (4): Jason White, Joel W Shea, Toby Corkindale, Trent W. Buck