
Bug#702448: nfs-common: UID's do not get properly mapped

        "I've created users test1 and test2 in /etc/passwd, but with
        swapped UID's"

There's a common (and understandable) mistake here: many people think that
NFSv4 never requires uid's and gid's to agree between hosts.  This is
not true.

NFSv4, when used with traditional auth_sys authentication, requires
names and ID's to agree between client and server.  The behavior you
describe is as expected.

The issue is that while the NFSv4 protocol itself uses names, it's the
RPC protocol (which NFSv4 runs on top of) which carries the information
about who is performing a given RPC.

How exactly it identifies the user depends on the security flavor.  In
the auth_sys case, it uses numeric ID's. 

For example, in this case, when you create a file, the owner of the new
file will be the one who performed the create.  The server determines this
from the uid sent in the rpc header.  However, when you "ls -l" the
file, the information about who owns the file is returned as a name in
the body of the NFSv4 reply.

The clearest way to see what's going on is to rerun your test cases
while watching the traffic in wireshark, and look at both the rpc
headers and the bodies of the requests.

If you wish to get away from numeric id's on the wire, you need to
switch to using NFSv4 with kerberos instead of auth_sys.

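An added example, not part of the original message: a parser for the auth_sys credential (authsys_parms, RFC 5531) in an RPC call header, run over a constructed NFSv4 call, showing that the server receives only a numeric uid and resolves it against its own passwd data. The uid values 1001/1002, the machine name client1 and all function names are assumptions made for illustration.

```python
import struct

AUTH_SYS = 1  # credential flavor number for auth_sys in RFC 5531

def xdr_opaque(data):
    """XDR variable-length opaque: 4-byte length, data, zero padding to 4 bytes."""
    return struct.pack(">I", len(data)) + data + b"\0" * (-len(data) % 4)

def build_call(uid, gid, gids, machine=b"client1", xid=1):
    """Constructed sample: RPC v2 call for NFS (program 100003) v4, procedure 1."""
    parms = struct.pack(">I", 0) + xdr_opaque(machine)   # stamp, machinename
    parms += struct.pack(f">III{len(gids)}I", uid, gid, len(gids), *gids)
    header = struct.pack(">6I", xid, 0, 2, 100003, 4, 1)
    cred = struct.pack(">I", AUTH_SYS) + xdr_opaque(parms)
    return header + cred + struct.pack(">II", 0, 0)      # AUTH_NONE verifier

def parse_auth_sys(msg):
    """Extract the caller identity a server reads from the RPC call header."""
    try:
        xid, mtype, rpcvers, prog, vers, proc, flavor, clen = struct.unpack_from(">8I", msg)
        if mtype != 0 or rpcvers != 2:
            raise ValueError("not an RPC version 2 call")
        if flavor != AUTH_SYS:
            raise ValueError(f"credential flavor {flavor} is not auth_sys")
        if clen > 400 or 32 + clen > len(msg):
            raise ValueError("bad credential length")
        cred = msg[32:32 + clen]
        _stamp, nlen = struct.unpack_from(">II", cred)
        if nlen > 255:
            raise ValueError("machine name too long")
        off = 8 + nlen + (-nlen % 4)                     # skip padded machinename
        uid, gid, ngids = struct.unpack_from(">III", cred, off)
        if ngids > 16:
            raise ValueError("too many supplementary gids")
        gids = list(struct.unpack_from(f">{ngids}I", cred, off + 12))
    except struct.error as exc:
        raise ValueError(f"truncated message: {exc}") from None
    return {"machine": cred[8:8 + nlen].decode("ascii", "replace"),
            "uid": uid, "gid": gid, "gids": gids}

def owner_seen_by_server(msg, server_passwd):
    """The server resolves the numeric uid against its own passwd data."""
    return server_passwd.get(parse_auth_sys(msg)["uid"])

# Constructed uids for the report's swapped test1/test2 accounts.
CLIENT_PASSWD = {1001: "test1", 1002: "test2"}
SERVER_PASSWD = {1001: "test2", 1002: "test1"}

if __name__ == "__main__":
    call = build_call(uid=1001, gid=1001, gids=[1001])   # sent by client user test1
    print(parse_auth_sys(call), "->", owner_seen_by_server(call, SERVER_PASSWD))
```

No user name appears anywhere in the credential, so a file created by test1 on the client is owned by whichever account holds uid 1001 on the server.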