I've been experimenting with user/group ID mapping (translation) in NFSv4. What I want to achieve is name based ID translation, that is independent of the actual UID/GID on the server and clients.
Many guides and articles mention that to have ID mapping working you have to set the nfs4_disable_idmapping parameter to 0 (aka N) in the nfs module on the client, and the nfsd module on the server. However, I didn't find any information or documentation about what exactly this parameter does.
As an experiment, I configured an NFSv4 server and client (with sec=krb5) and I deliberately left these parameters at their default value (mapping disabled).
I can verify that the mapping is disabled on server:
$ cat /sys/module/nfsd/parameters/nfs4_disable_idmapping
Y
and on the client:
$ cat /sys/module/nfs/parameters/nfs4_disable_idmapping
Y
I created users bob(uid=1002) and sam(uid=1001) on the server, and users bob(uid=1003) and sam(uid=1004) on the client. As you can see, the UIDs do not match; however, the users are still mapped correctly. A file created by the bob user on the client is seen as owned by bob on the server, and vice versa.
Moreover, if I look at the logs on the client:
nfsidmap[1874]: key: 0x322c739a type: uid value: bob@home.lan timeout 600
nfsidmap[1874]: nfs4_name_to_uid: calling nsswitch->name_to_uid
nfsidmap[1874]: nss_getpwnam: name 'bob@home.lan' domain 'home.lan': resulting localname 'bob'
nfsidmap[1874]: nfs4_name_to_uid: nsswitch->name_to_uid returned 0
nfsidmap[1874]: nfs4_name_to_uid: final return value is 0
and on the server:
rpc.idmapd[1717]: nfsdcb: authbuf=gss/krb5p authtype=user
rpc.idmapd[1717]: nfs4_uid_to_name: calling nsswitch->uid_to_name
rpc.idmapd[1717]: nfs4_uid_to_name: nsswitch->uid_to_name returned 0
rpc.idmapd[1717]: nfs4_uid_to_name: final return value is 0
rpc.idmapd[1717]: Server : (user) id "1002" -> name "bob@home.lan"
They both suggest that ID mapping is indeed working "by name" rather than "by id".
So my question is: what is the nfs4_disable_idmapping parameter for then, if it seems not to have any observable effect on the ID mapping?
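
An added example, not part of the original question: a small shell script that gathers the three things the experiment above compares, namely the parameter on the nfs module, the parameter on the nfsd module, and the sec= flavor of each NFSv4 mount. The kernel's parameter documentation describes nfs4_disable_idmapping in terms of sec=sys mounts, so the flavor is shown next to it; the function names and the "unavailable"/"unspecified" placeholders are this example's own.

```shell
#!/bin/sh
# Added example: show nfs4_disable_idmapping beside each NFSv4 mount's sec= flavor.
# File paths are arguments so the functions also work on saved copies of the files.

# Print a module parameter's value, or "unavailable" if the module is not loaded.
read_param() {
    if [ -r "$1" ]; then
        tr -d '[:space:]' < "$1"
    else
        printf 'unavailable'
    fi
}

# Print "mountpoint flavor" for every nfs4 entry in a /proc/mounts-format file.
# An entry without a sec= option is reported as "unspecified" (example's own label).
nfs4_mount_flavors() {
    [ -r "$1" ] || return 0
    awk '$3 == "nfs4" {
        flavor = "unspecified"
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++)
            if (opts[i] ~ /^sec=/) flavor = substr(opts[i], 5)
        print $2, flavor
    }' "$1"
}

# Report both module parameters, then the flavor of every NFSv4 mount.
idmap_report() {
    mounts=${1:-/proc/mounts}
    client=${2:-/sys/module/nfs/parameters/nfs4_disable_idmapping}
    server=${3:-/sys/module/nfsd/parameters/nfs4_disable_idmapping}
    echo "client nfs.nfs4_disable_idmapping:  $(read_param "$client")"
    echo "server nfsd.nfs4_disable_idmapping: $(read_param "$server")"
    nfs4_mount_flavors "$mounts" | while read -r mp flavor; do
        echo "mount $mp sec=$flavor"
    done
}

idmap_report "$@"
```

Run it on the client and on the server; on a host where one of the modules is not loaded, that line reads "unavailable".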