Re: [EXTERNAL] nfsv4 client idmapper issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 22 Sep 2022, at 9:45, Alan Maxwell wrote:

> How would the server know what gidNumber to assign if the nfs client sent
> a name?

I'm not familiar with this server, but I'm guessing if you have it set to
"Do not send names", then it also will try not to translate uid/gids it
receives.  Are you asking a theoretical question?

> Is there a method in Redhat to have the nfsclient only send
> uidNumbers/gidNumbers?

Better to use Red Hat's support for these type of questions because this
list is mostly upstream development work, but I believe that's the point of
nfs4_disable_idmapping which exists on that kernel.

> Doing id mapping or better name , id verification, is expected. We hope
> the server would tell us, "client sent name I can't verify or lookup"

Right, and that is a signal to the client that the server is not doing the
"Do not send names" thing, rather trying to map values, so the client
changes its behavior.

If you're only sending integer gid values, what does it mean to verify a
group id?  If you want your server to treat the values as integer gids, then
it shouldn't return an error that means "I couldn't translate this into a
gid".

> The nfsclient  sends both a bad name and bad gidNumber, we actually think
> that should be the case, even and security=sys , there should be
> validation of users and groups.

I'm sorry, I don't understand what you trying to say here.

Ben




[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux