On Wed, 28 May 2014 10:05:44 -0400, J. Bruce Fields wrote: > Right, I'd expect that to be mapped to nobody. Same here. But if I export a directory that is owned by nobody.nogroup, I still can't write to it as root. > You can set up a one-off mapping for a given machine credential in > idmapd.conf. (If you're using rpc.svcgssd. ...) I am using rpc.svcgssd, but even if I add the following to idmapd.conf on both the server and the client (although I think it's only necessary on the server): [Static] root/<hostname>@<realm> = root ... I still get the same result when I try to write to one of the exports as root: Permission denied. > ( ... If you're using gss-proxy I think there's similar > configuration in /etc/krb5.conf.) That would be the "auth_to_local" tag in the [Realms] section. The gss- proxy project seems to be a RedHat effort to replace rpc.svcgssd. Perhaps not such a bad idea. However, I'm using Debian. Thanks, Jaap -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
