On 2/23/21 11:13 AM, Daniel Kobras wrote:
> Ported manage-gids option from mountd
>
> Signed-off-by: Daniel Kobras <kobras@xxxxxxxxxxxxx>
Committed... Thanks!
steved.
> ---
> Hi Steve!
>
> Option --manage-gids should still be useful with NFSv4 and AUTH_SYS, but
> commit 15dc0bead10d20c31e72ca94ce21eb66dc3528d5 does not allow to actually
> control the global variable manage_gids from exportd. I assume something
> like the following was intended?
>
> Kind regards,
>
> Daniel
>
> nfs.conf | 1 +
> utils/exportd/exportd.c | 8 +++++++-
> utils/exportd/exportd.man | 16 ++++++++++++++++
> 3 files changed, 24 insertions(+), 1 deletion(-)
>
> diff --git a/nfs.conf b/nfs.conf
> index bebb2e3d..e69ec16d 100644
> --- a/nfs.conf
> +++ b/nfs.conf
> @@ -31,6 +31,7 @@
> #
> [exportd]
> # debug="all|auth|call|general|parse"
> +# manage-gids=n
> # state-directory-path=/var/lib/nfs
> # threads=1
> [mountd]
> diff --git a/utils/exportd/exportd.c b/utils/exportd/exportd.c
> index 7130bcbf..0d7782be 100644
> --- a/utils/exportd/exportd.c
> +++ b/utils/exportd/exportd.c
> @@ -42,6 +42,7 @@ static struct option longopts[] =
> { "foreground", 0, 0, 'F' },
> { "debug", 1, 0, 'd' },
> { "help", 0, 0, 'h' },
> + { "manage-gids", 0, 0, 'g' },
> { "num-threads", 1, 0, 't' },
> { NULL, 0, 0, 0 }
> };
> @@ -174,6 +175,7 @@ usage(const char *prog, int n)
> {
> fprintf(stderr,
> "Usage: %s [-f|--foreground] [-h|--help] [-d kind|--debug kind]\n"
> +" [-g|--manage-gids]\n"
> " [-s|--state-directory-path path]\n"
> " [-t num|--num-threads=num]\n", prog);
> exit(n);
> @@ -188,6 +190,7 @@ read_exportd_conf(char *progname, char **argv)
>
> xlog_set_debug(progname);
>
> + manage_gids = conf_get_bool("exportd", "manage-gids", manage_gids);
> num_threads = conf_get_num("exportd", "threads", num_threads);
>
> s = conf_get_str("exportd", "state-directory-path");
> @@ -214,7 +217,7 @@ main(int argc, char **argv)
> /* Read in config setting */
> read_exportd_conf(progname, argv);
>
> - while ((c = getopt_long(argc, argv, "d:fhs:t:", longopts, NULL)) != EOF) {
> + while ((c = getopt_long(argc, argv, "d:fghs:t:", longopts, NULL)) != EOF) {
> switch (c) {
> case 'd':
> xlog_sconfig(optarg, 1);
> @@ -222,6 +225,9 @@ main(int argc, char **argv)
> case 'f':
> foreground++;
> break;
> + case 'g':
> + manage_gids = 1;
> + break;
> case 'h':
> usage(progname, 0);
> break;
> diff --git a/utils/exportd/exportd.man b/utils/exportd/exportd.man
> index 1d65b5e0..d7884562 100644
> --- a/utils/exportd/exportd.man
> +++ b/utils/exportd/exportd.man
> @@ -51,6 +51,21 @@ spawns. The default is 1 thread, which is probably enough. More
> threads are usually only needed for NFS servers which need to handle
> mount storms of hundreds of NFS mounts in a few seconds, or when
> your DNS server is slow or unreliable.
> +.TP
> +.BR \-g " or " \-\-manage-gids
> +Accept requests from the kernel to map user id numbers into lists of
> +group id numbers for use in access control. An NFS request will
> +normally (except when using Kerberos or other cryptographic
> +authentication) contain a user-id and a list of group-ids. Due to a
> +limitation in the NFS protocol, at most 16 groups ids can be listed.
> +If you use the
> +.B \-g
> +flag, then the list of group ids received from the client will be
> +replaced by a list of group ids determined by an appropriate lookup on
> +the server. Note that the 'primary' group id is not affected so a
> +.B newgroup
> +command on the client will still be effective. This function requires
> +a Linux Kernel with version at least 2.6.21.
> .SH CONFIGURATION FILE
> Many of the options that can be set on the command line can also be
> controlled through values set in the
> @@ -63,6 +78,7 @@ configuration file.
> Values recognized in the
> .B [exportd]
> section include
> +.BR manage-gids ", and"
> .B debug
> which each have the same effect as the option with the same name.
> .SH FILES
>
