Re: NFS drive uids/gids completely broken- for a little while
On Wed, 27 May 2015 13:31:52 -0600
Bob Proulx <bob@proulx.com> wrote:
> briand@aracnet.com wrote:
> > This is a weird one.
>
> That is a little weird that it was a transient glitch of a failure.
>
> > Tried to use ssh and saw a "bad permissions" error on my .ssh/config file.
> >
> > I do ls -l and I see uids/gids of 2^32-1 or a similar very large integer.
> >
> > WTF ?!
>
> Are you using --manage-gids?
>
> root@fs:~# grep manage-gids /etc/default/nfs-kernel-server
> RPCMOUNTDOPTS=--manage-gids
>
> $ man rpc.mountd
>
> -g or --manage-gids
> Accept requests from the kernel to map user id numbers into
> lists of group id numbers for use in access control. An NFS
> request will normally (except when using Kerberos or other
> cryptographic authentication) contains a user-id and a list of
> group-ids. Due to a limitation in the NFS protocol, at most 16
> groups ids can be listed. If you use the -g flag, then the list
> of group ids received from the client will be replaced by a list
> of group ids determined by an appropriate lookup on the
> server. Note that the 'primary' group id is not affected so a
> newgroup command on the client will still be effective. This
> function requires a Linux Kernel with version at least 2.6.21.
>
> That is normal for an NIS/yp environment. But it means that uid
> lookups are done over the network. A transient network would return
> -1 error codes for all of the numbers. It will make user ids appear
> to be -1.
>
Aha. Sounds like my problem. Interesting that it's enabled by default.
I'm assuming that for my rinky-dink set-up with 5 users I don't need it?
Brian
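
Added example, not part of the original messages: a small Python check that reinterprets a file's uid/gid as signed 32-bit values (so 2^32-1 shows up as -1) and reports whether ssh would refuse the file. The function names are hypothetical, and the owner/mode rule is an assumption about OpenSSH's per-user config check (owner must be root or the invoking user, no group/other write bit).

```python
import os
import stat
import sys

def as_signed32(n):
    """Reinterpret an unsigned 32-bit uid/gid as a signed value."""
    return n - (1 << 32) if n >= (1 << 31) else n

def is_failed_id(n):
    """Heuristic (assumption): ids that are negative as int32, such as
    4294967295 == -1, are error sentinels rather than real accounts."""
    return as_signed32(n) < 0

def ssh_would_reject(owner_uid, mode, my_uid):
    """Assumed to mirror OpenSSH's per-user config check: owner must be
    root or the invoking user, and no group/other write bit may be set."""
    wrong_owner = owner_uid not in (0, my_uid)
    loose_mode = bool(stat.S_IMODE(mode) & 0o022)
    return wrong_owner or loose_mode

def audit(path, my_uid=None):
    """Return a dict describing ownership problems for one file."""
    my_uid = os.getuid() if my_uid is None else my_uid
    st = os.stat(path)
    return {
        "path": path,
        "uid": st.st_uid,
        "gid": st.st_gid,
        "uid_signed": as_signed32(st.st_uid),
        "gid_signed": as_signed32(st.st_gid),
        "failed_lookup": is_failed_id(st.st_uid) or is_failed_id(st.st_gid),
        "ssh_rejects": ssh_would_reject(st.st_uid, st.st_mode, my_uid),
    }

if __name__ == "__main__":
    # Default target is the file from the report; pass other paths as arguments.
    targets = sys.argv[1:] or [os.path.expanduser("~/.ssh/config")]
    for target in targets:
        try:
            print(audit(target))
        except OSError as exc:
            print(f"{target}: {exc}")
```

A result with "failed_lookup" true and "ssh_rejects" true on a file whose mode is still 0600 points at the id mapping rather than at the permission bits.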