On Fri, 2012-06-01 at 10:26 -0600, Orion Poplawski wrote:
> On 06/01/2012 09:58 AM, Myklebust, Trond wrote:
> > On Fri, 2012-06-01 at 15:53 +0000, Orion Poplawski wrote:
> >> I'm seeing a fair number of these messages on our file server:
> >>
> >> Jun 1 09:37:58 alexandria rpc.idmapd[28890]: nss_getpwnam: name 'nobody' does
> >> not map into domain 'cora.nwra.com'
> >>
> >> I think they are coming from accessing files on another file server that are
> >> owned by an unknown uid (user left and was removed from the user database).
> >> These files end up owned by "nobody" (as expected) on the remote system:
> >>
> >> drwxr-xr-x. 7 nobody nwra 4096 Mar 15 2010 analysis_data
> >>
> >> Now, this seems like a perfectly normal operation and so shouldn't generate a
> >> system log message. First two possible fixes I can think of:
> >>
> >> - Should the remote system send the username as "nobody@xxxxxxxxxxxxx" instead
> >> of just "nobody"?
> >
> > No. According to section 5.8 of RFC3530, it should use the name "nobody"
> > without a domain, and the idmapper should be mapping that string to the
> > anonymous user (i.e. uid -2).
> >
>
> Well, it's mapping it to "nobody" id 99:
Yes, that's the correct thing to do if a user "nobody" exists.
> drwxr-xr-x. 7 99 1001 4096 Mar 15 2010 analysis_data
>
> Okay, so no domain. Also according to 5.8:
>
> In the case where there is no translation available to the client or
> server, the attribute value must be constructed without the "@".
> Therefore, the absence of the @ from the owner or owner_group
> attribute signifies that no translation was available at the sender
> and that the receiver of the attribute should not use that string as
> a basis for translation into its own internal format. Even though
> the attribute value can not be translated, it may still be useful.
> In the case of a client, the attribute string may be used for local
> display of ownership.
>
> So absence of @ indicates no need to translate locally, so don't complain
> about it. So how about this:
>
> --- ./libnfsidmap-0.25/nss.c.nobody 2011-12-05 13:28:10.000000000 -0700
> +++ ./libnfsidmap-0.25/nss.c 2012-06-01 10:23:53.408603517 -0600
> @@ -177,9 +177,10 @@
> IDMAP_LOG(4, ("nss_getpwnam: name '%s' domain '%s': "
> "resulting localname '%s'\n", name, domain, localname));
> if (localname == NULL) {
> - IDMAP_LOG(0, ("nss_getpwnam: name '%s' does not map "
> - "into domain '%s'\n", name,
> - domain ? domain : "<not-provided>"));
> + if (strchr(name, '@' != NULL)
> + IDMAP_LOG(0, ("nss_getpwnam: name '%s' does not map "
> + "into domain '%s'\n", name,
> + domain ? domain : "<not-provided>"));
> goto err_free_buf;
> }
ACK. That looks about right...
--
Trond Myklebust
Linux NFS client maintainer
NetApp
Trond.Myklebust@xxxxxxxxxx
www.netapp.com
��.n��������+%�������w��{.n�����{��w����jg���������ݢj�����G��������j:+v���w�m������w�������h�����٥
