Ported manage-gids option from mountd Signed-off-by: Daniel Kobras <kobras@xxxxxxxxxxxxx> --- Hi Steve! Option --manage-gids should still be useful with NFSv4 and AUTH_SYS, but commit 15dc0bead10d20c31e72ca94ce21eb66dc3528d5 does not allow to actually control the global variable manage_gids from exportd. I assume something like the following was intended? Kind regards, Daniel nfs.conf | 1 + utils/exportd/exportd.c | 8 +++++++- utils/exportd/exportd.man | 16 ++++++++++++++++ 3 files changed, 24 insertions(+), 1 deletion(-) diff --git a/nfs.conf b/nfs.conf index bebb2e3d..e69ec16d 100644 --- a/nfs.conf +++ b/nfs.conf @@ -31,6 +31,7 @@ # [exportd] # debug="all|auth|call|general|parse" +# manage-gids=n # state-directory-path=/var/lib/nfs # threads=1 [mountd] diff --git a/utils/exportd/exportd.c b/utils/exportd/exportd.c index 7130bcbf..0d7782be 100644 --- a/utils/exportd/exportd.c +++ b/utils/exportd/exportd.c @@ -42,6 +42,7 @@ static struct option longopts[] = { "foreground", 0, 0, 'F' }, { "debug", 1, 0, 'd' }, { "help", 0, 0, 'h' }, + { "manage-gids", 0, 0, 'g' }, { "num-threads", 1, 0, 't' }, { NULL, 0, 0, 0 } }; @@ -174,6 +175,7 @@ usage(const char *prog, int n) { fprintf(stderr, "Usage: %s [-f|--foreground] [-h|--help] [-d kind|--debug kind]\n" +" [-g|--manage-gids]\n" " [-s|--state-directory-path path]\n" " [-t num|--num-threads=num]\n", prog); exit(n); @@ -188,6 +190,7 @@ read_exportd_conf(char *progname, char **argv) xlog_set_debug(progname); + manage_gids = conf_get_bool("exportd", "manage-gids", manage_gids); num_threads = conf_get_num("exportd", "threads", num_threads); s = conf_get_str("exportd", "state-directory-path"); @@ -214,7 +217,7 @@ main(int argc, char **argv) /* Read in config setting */ read_exportd_conf(progname, argv); - while ((c = getopt_long(argc, argv, "d:fhs:t:", longopts, NULL)) != EOF) { + while ((c = getopt_long(argc, argv, "d:fghs:t:", longopts, NULL)) != EOF) { switch (c) { case 'd': xlog_sconfig(optarg, 1); @@ -222,6 +225,9 @@ main(int argc, char **argv) case 'f': foreground++; break; + case 'g': + manage_gids = 1; + break; case 'h': usage(progname, 0); break; diff --git a/utils/exportd/exportd.man b/utils/exportd/exportd.man index 1d65b5e0..d7884562 100644 --- a/utils/exportd/exportd.man +++ b/utils/exportd/exportd.man @@ -51,6 +51,21 @@ spawns. The default is 1 thread, which is probably enough. More threads are usually only needed for NFS servers which need to handle mount storms of hundreds of NFS mounts in a few seconds, or when your DNS server is slow or unreliable. +.TP +.BR \-g " or " \-\-manage-gids +Accept requests from the kernel to map user id numbers into lists of +group id numbers for use in access control. An NFS request will +normally (except when using Kerberos or other cryptographic +authentication) contain a user-id and a list of group-ids. Due to a +limitation in the NFS protocol, at most 16 groups ids can be listed. +If you use the +.B \-g +flag, then the list of group ids received from the client will be +replaced by a list of group ids determined by an appropriate lookup on +the server. Note that the 'primary' group id is not affected so a +.B newgroup +command on the client will still be effective. This function requires +a Linux Kernel with version at least 2.6.21. .SH CONFIGURATION FILE Many of the options that can be set on the command line can also be controlled through values set in the @@ -63,6 +78,7 @@ configuration file. Values recognized in the .B [exportd] section include +.BR manage-gids ", and" .B debug which each have the same effect as the option with the same name. .SH FILES -- 2.25.1 -- Puzzle ITC Deutschland GmbH Sitz der Gesellschaft: Eisenbahnstraße 1, 72072 Tübingen Eingetragen am Amtsgericht Stuttgart HRB 765802 Geschäftsführer: Lukas Kallies, Daniel Kobras, Mark Pröhl