[Bug 264570] nfsuserd: Mapping of Userids mismatched

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 12 Jun 2022 22:43:18 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264570

--- Comment #2 from Rick Macklem <rmacklem@FreeBSD.org> ---
A few comments...
- If you are using nfsuserd, both sysctls should be 0.
  vfs.nfs.enable_uidtostring=0
  vfs.nfsd.enable_stringtouid=0
on the server. On the client, vfs.nfsd.stringtouid is
not used.

- Since you are using AUTH_SYS (sec=sys), then the credentials
  in the RPC requests header are numeric uids. That is the
  "user" doing the create and, therefore, that "uid" is going
  to be the owner. nfsuserd or "numbers in user/group strings"
  only affects the entries in Getattr/Setattr for Owner and OwnerGroup
  and does not affect the RPC request's user credentials in the RPC
  header.
  (The only time there are no numeric uids in the RPC request's
   credential is when Kerberized mounts are being used. For that
   case, the credential refers to a Kerberos principal, which is
   normally "user@REALM".)

- In "man nfsv4" it states...
     Although uid/gid numbers are no longer used in the NFSv4 protocol except
     optionally in the above strings, they will still be in the RPC
     authentication fields when using AUTH_SYS (sec=sys), which is the
     default.  As such, in this case both the user/group name and number
     spaces must be consistent between the client and server.
  To do otherwise, simply breaks things, as you have demonstrated.

-- 
You are receiving this mail because:
You are the assignee for the bug.