54

I have a server with NFSv4. I am mounting the contents of the home folder of a remote user on the local host. I am able to read and write contents, but when I check the ownership of files on the mounted volume from the local host, they all belong to the corresponding remote user and group (512). Is there any way to make it look like they belong to the local user and group (1000) on the local host?

/etc/exports on remote host (IP is 192.168.1.110)

/home/user512 192.168.1.142(rw,sync,all_squash,anonuid=512,anongid=512)

/etc/fstab on local host (IP is 192.168.1.142)

192.168.1.110:/home/user512    /home/localuser/projects/project512   nfs    rw,hard,intr,rsize=32768,wsize=32768    0       0
Alexander

4 Answers

53

This is what idmapping is supposed to do. First of all, enable it on the client and server:

# echo N > /sys/module/nfs/parameters/nfs4_disable_idmapping

Clean the idmap cache and restart the idmap daemon:

# nfsidmap -c
# service rpcidmapd restart

Now the server and the client will send string principals like bob@YOURDOMAIN.COM instead of numeric IDs. You need to have a bob account on both hosts, client and server. Nevertheless, the numeric IDs can be different.

kofemann
  • 13
    Ftr, on nfs server the path is /sys/module/nfsd/parameters/nfs4_disable_idmapping (nfsd, not nfs) – Mike Purcell Dec 21 '15 at 19:42
  • 4
    No service `rpcidmapd` on my Linux Mint client. – Powerriegel Jun 20 '16 at 17:17
  • 4
    Question about this answer: will doing `echo N > /sys/module/nfsd/parameters/nfs4_disable_idmapping` make this setting permanent, or will I have to reset it every time after reboot? – mauritslamers Nov 18 '16 at 11:36
  • 4
    Under Ubuntu the service is called `idmapd` instead of `rpcidmapd` – mauritslamers Nov 18 '16 at 11:37
  • 7
    Debian => idmapd from the nfs-common package. The service is named `nfs-idmapd` – Philippe Gachoud Nov 23 '18 at 10:54
  • 1
    On Fedora, the restart command is `systemctl restart nfs-idmap.service`. And on the server side, the path is: `/sys/module/nfsd/parameters/nfs4_disable_idmapping`; while on the client side it is `/sys/module/nfs/parameters/nfs4_disable_idmapping` (that is, without the 'd' in nfs). – NYCeyes Nov 26 '18 at 23:24
9

You have all the pieces there. From the exportfs man page, all_squash maps all uids and gids to the anonymous versions. What you wrote forced those values to be 512. If you changed to 1000, the nfs server on the remote host would make everything 1000, and access should be granted.

becomingwisest
  • 1
    My uid on the client is 1000, the uid of the user with the same name on the server is 1003. I have tried setting `anonuid=1000,anongid=1000` and `anonuid=1003,anongid=1003` (and restarting the nfsserver, and un/remounting the share) and neither works. Downvoting, because this answer does not seem to work. – Phrogz Nov 09 '16 at 17:36
  • Just to confirm, what are your export and fstab entries? – becomingwisest Nov 09 '16 at 17:39
  • 3
    `/home/gkistner *(async,rw,all_squash,anonuid=1000,anongid=1000,no_subtree_check)` in exports, and `10.20.118.112:/home/gkistner /mnt/r2 nfs rsize=8192,wsize=8192,timeo=14,intr` in fstab – Phrogz Nov 09 '16 at 17:40
4

On your NFS client, edit /etc/idmapd.conf and change

[Mapping]

Nobody-User = myappuser
Nobody-Group = myappuser

After this, restart the NFS service.

c4f4t0r
1

I was able to fix the nobody:nobody ownership issue over NFS on CentOS 6 (server) + 7 (client) with two changes:

  1. Make sure the /etc/idmapd.conf Domain parameter is the same on server and client
  2. Server has an actual user with matching UID and GID to the client

Then on the client:

service nfs restart

and remount the shares if necessary.

kuz8
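The conditions named in the idmapping answer (the same account name on both hosts, numeric IDs free to differ) and in the last answer (the same `Domain` in /etc/idmapd.conf on both hosts) can be checked offline from copies of each host's idmapd.conf and /etc/passwd. This is an added example, not code from any of the posts; the sample files, the `example.lan` domain and the `nobody` fallback for an unset `Nobody-User` are assumptions.

```python
import configparser

# Constructed sample inputs (assumptions, not taken from the posts).
CLIENT_CONF = "[General]\nDomain = example.lan\n[Mapping]\nNobody-User = nobody\n"
SERVER_CONF = "[General]\nDomain = example.lan\n"
CLIENT_PASSWD = ("localuser:x:1000:1000::/home/localuser:/bin/bash\n"
                 "bob:x:1001:1001::/home/bob:/bin/bash\n")
SERVER_PASSWD = ("user512:x:512:512::/home/user512:/bin/bash\n"
                 "bob:x:1003:1003::/home/bob:/bin/bash\n")

def parse_idmapd(conf_text):
    """Extract the Domain and Nobody-User settings from idmapd.conf text."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(conf_text)
    return {
        "domain": cp.get("General", "Domain", fallback=None),
        # Fallback name is an assumption for files that do not set it.
        "nobody_user": cp.get("Mapping", "Nobody-User", fallback="nobody"),
    }

def passwd_users(passwd_text):
    """Map account name -> numeric UID from /etc/passwd text."""
    users = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and not line.startswith("#"):
            users[fields[0]] = int(fields[2])
    return users

def compare_hosts(client_conf, server_conf, client_passwd, server_passwd):
    """Report how server-side file owners would be displayed on the client."""
    client, server = parse_idmapd(client_conf), parse_idmapd(server_conf)
    cu, su = passwd_users(client_passwd), passwd_users(server_passwd)
    domain_match = client["domain"] is not None and client["domain"] == server["domain"]
    return {
        "domain_match": domain_match,
        # A name resolves only if the domains agree and the client has the account.
        "shown_as": {n: (n if domain_match and n in cu else client["nobody_user"])
                     for n in su},
        # Same name, different numeric ID: acceptable with name-based mapping.
        "uid_differs": sorted(n for n in su if n in cu and cu[n] != su[n]),
    }

if __name__ == "__main__":
    report = compare_hosts(CLIENT_CONF, SERVER_CONF, CLIENT_PASSWD, SERVER_PASSWD)
    for key, value in report.items():
        print(f"{key}: {value}")
```

With the sample data, `bob` resolves by name despite the UID difference, while `user512` has no client account and is displayed as the `Nobody-User`.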