[nfs-discuss] NFSv4, NFS4ERR_BADOWNER error, Linux client - Whats the solution?

J. Bruce Fields bfields at fieldses.org
Sat Jun 14 12:45:52 EDT 2008 

On Sat, Jun 14, 2008 at 10:44:33AM -0500, Robert Gordon wrote:
> 
> On Jun 5, 2008, at 2:22 AM, Robert Davidson wrote:
> {snipped} full text: http://www.opensolaris.org/jive/thread.jspa?threadID=62725&tstart=0
> 
> 
> 
> >
> > So if thats correct, then is there any way to take UID/GID mapping out
> > of the picture and just use stringified UIDs and GIDs over the network
> > (which I read is not recommended, but I don't know that I have any
> > choice in the matter considering what I want to do).
> 
> I think your assessment is correct, so the question is...
> Can the rpcidmapd on linux be coerced into using the numeric string
> version of GID/UID in the OTW calls.. I'd suspect that it would
> prefer to use nobody.. but! that would be a WAG.. Maybe Bruce or Trond
> (or someone :) ) will know..

Idmapd doesn't currently support gid's/uid's in the names.  Looks like
rfc 3530 does allow that:

	To provide a greater degree of compatibility with previous
	versions of NFS (i.e., v2 and v3), which identified users and
	groups by 32-bit unsigned uid's and gid's, owner and group
	strings that consist of decimal numeric values with no leading
	zeros can be given a special interpretation by clients and
	servers which choose to provide such support.  The receiver may
	treat such a user or group string as representing the same user
	as would be represented by a v2/v3 uid or gid having the
	corresponding numeric value.  A server is not obligated to
	accept such a string, but may return an NFS4ERR_BADOWNER
	instead.  To avoid this mechanism being used to subvert user and
	group translation, so that a client might pass all of the owners
	and groups in numeric form, a server SHOULD return an
	NFS4ERR_BADOWNER error when there is a valid translation for the
	user or owner designated in this way.  In that case, the client
	must use the appropriate name at domain string and not the special
	form for compatibility.

And I don't think it would be difficult to modify idmapd to do this.

--b.

More information about the NFSv4 mailing list