6

I have two machines, both with CentOS 6.4 installed, connected on the same private network.

One of them has the purpose of being an NFS server, and the other its client.

On the server machine (server) I exported the directory /net/directory by adding the line to the /etc/exports file

```
/net/directory *(rw,sync,no_root_squash)
```

With the service started, I went to the client and added a mount point to /etc/fstab

```
server:/net/directory   /client/directory       nfs defaults    0 0
```

And then mounted

```
# mount /client/directory
```

The problem is that when I create a new file/directory inside the mounted point from the client, that file is going to be mapped as nobody:nobody when created as an unknown user of the server side.

Here's an example (for clarification)

On the client side only, there is a user and group with the same name called testuser

  • username: testuser
  • UID: 1001
  • GID: 1001

On the client side I create a file as testuser

```
[testuser@client ~]# touch /client/directory/test
```

Then I list the directory content

```
[testuser@client ~]# ls -l /client/directory
total 0
-rw-r--r--. 1 nobody nobody 0 Jul  2 16:46 test
```

But on the server side everything is as expected:

```
[root@earth ~]# ls -l /net/directory
total 0
-rw-r--r--. 1 1001 1001 0 Jul  2 16:46 test
```

I want the same result on the client side:

- the file must be with UID:GID as 1001:1001

What am I doing wrong? Is this a server or client issue?

I searched around several NFS manuals, and nothing is helping me.

Does anyone know how I can do this (without creating the user on the server side)?

Thank you.

Jorge
  • 3
    Please be aware of the enormous security hole you introduce by exporting to everyone (`*`) with `no_root_squash`. You can see the impact with NfSpy, which was written to exploit this hole: https://github.com/bonsaiviking/NfSpy – bonsaiviking Jul 02 '13 at 18:30
  • @bonsaiviking Thanks. I didn't know the existence of that exploit. I'll keep that in mind. – Jorge Jul 03 '13 at 09:54
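
The export line in the question, together with the comment above about `*` and `no_root_squash`, can be checked mechanically. The following is an added example (not code from the question, the answer or NfSpy): a small Python auditor that parses exports(5) text and reports every client entry that keeps root unsquashed, rated HIGH when the entry matches any host. The sample file, the severity labels and the function names are constructed for illustration.

```python
import re
import shlex

# Client fields that match every host: "*", a bare "(opts)" with no host, all-zero networks.
ANY_HOST = {"", "*", "0.0.0.0/0", "::/0"}
SPEC = re.compile(r"^(?P<host>[^()]*)(?:\((?P<opts>[^()]*)\))?$")

def parse_exports(text):
    """Yield (path, host, options) for every client field in exports(5) text."""
    text = text.replace("\\\n", " ")                # join backslash-continued lines
    for line in text.splitlines():
        fields = shlex.split(line, comments=True)   # drops "#" comments, honours quoted paths
        if not fields:
            continue
        path, defaults = fields[0], []
        for spec in fields[1:] or [""]:             # no client listed: treated as any host
            if spec.startswith("-"):                # "-opt,opt" sets defaults for later clients
                defaults = spec[1:].split(",")
                continue
            m = SPEC.match(spec)
            if m:
                own = [o for o in (m.group("opts") or "").split(",") if o]
                yield path, m.group("host"), defaults + own

def audit(text):
    """Return (severity, path, host) for each client entry that keeps root unsquashed."""
    findings = []
    for path, host, opts in parse_exports(text):
        squashed = True                             # root_squash is the default
        for o in opts:                              # assumption: a later option overrides an earlier one
            if o in ("root_squash", "no_root_squash"):
                squashed = o == "root_squash"
        if not squashed:
            sev = "HIGH" if host in ANY_HOST else "MEDIUM"
            findings.append((sev, path, host or "<any>"))
    return findings

# Constructed sample; the first entry is the export line from the question.
SAMPLE = """\
/net/directory *(rw,sync,no_root_squash)
/srv/backup 192.0.2.10(rw,sync,no_root_squash)
/srv/pub *(ro,sync,root_squash)
/srv/home -rw,sync 192.0.2.0/24 \\
    192.0.2.99(no_root_squash)
/srv/oops 192.0.2.10 (rw,no_root_squash)
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The last sample entry shows a common mistake: the space before `(rw,no_root_squash)` detaches the options from `192.0.2.10` and applies them to every host instead.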

1 Answer

5

Check that the domain in /etc/idmapd.conf is the same on the client and server. Check that rpc.idmapd is running on the client and the server. And, of course, the user should exist on the client and server. NFSv4 uses user principals on the wire, and it's the responsibility of the client and server to provide a proper mapping. As you use AUTH_SYS, the local uid/gid is propagated to the server on create, but 'ls' requires mapping to work.

kofemann
  • The idmapd is running and the domains are the same: if a user exists on both (client and server), there is no such problem as the one I referred to in this thread. What I need is to use `ls` without showing `nobody` as UID and GID, and instead show their numerical IDs if they don't exist on the server side. Imagine this use case: the server is a data store for several systems, and doesn't need to have knowledge of those systems' users/groups. – Jorge Jul 03 '13 at 13:45
  • 1
    This is true for NFSv3 and will not work with NFSv4. V4 relies on the fact that user names are shared between client and server, while uid/gid cant be different. In contrast, v3 shares uid and gid. Probably, you have to mount with vers=3 to solve your problem. The other possibility is to turn off id mapping on the server side: `echo "options nfs nfs4_disable_idmapping=1" > /etc/modprobe.d/nfs.conf` – kofemann Jul 03 '13 at 14:16
  • 3
    Just worked for me by adding the options `rw,vers=3,addr=` in the client's `/etc/fstab` file, used to mount that point. Thanks for your help! – Jorge Jul 03 '13 at 19:39