LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-24-2014, 08:48 AM   #1
antriksh
Member
 
Registered: Aug 2010
Location: In my world
Distribution: Oracle Linux 6
Posts: 81

Rep: Reputation: 0
Question NFS4 client shows files ownership as nobody


Hi,

I have a NFS server and a client. I am using NFS4. I have exported some shares using NFS4. When i try to create a file on NFS server i am able to but its ownership shows as nobody nobody on NFS client.

My analysis:

1) idmapd.conf in NFS Server and client shows same domain name

Domain = iberia
Domain = iberia

2) In both the server and client nsswitch.conf has same checking method:

passwd: files
shadow: files
group: files

3) On both the server and client UID/GID of user siebel is same.

[root@nfsldes2 ~]# id siebel ------------> Server
uid=50301(siebel) gid=50300(siebgrp) groups=50300(siebgrp)

[root@obicrmprea ~]# id siebel -------------> Client
uid=50301(siebel) gid=50300(siebgrp) groups=50300(siebgrp)

4) /var/log/messages shows below errors in clients logs:

Jul 18 12:19:17 obicrmprea rpc.idmapd[20231]: nss_getpwnam: name '50301' domain 'iberia': resulting localname '(null)'
Jul 18 12:19:17 obicrmprea rpc.idmapd[20231]: nss_getpwnam: name '50301' does not map into domain 'iberia'

But when creating a file from client side as user siebel its ownership shown as nobody nobody.

[siebel@obicrmprea fs]$ pwd
/siebel/fs
[siebel@obicrmprea fs]$ id
uid=50301(siebel) gid=50300(siebgrp) groups=50300(siebgrp)
[siebel@obicrmprea fs]$ touch bbb
[siebel@obicrmprea fs]$ ll bbb
-rw-r--r-- 1 nobody nobody 0 Jul 24 13:06 bbb
 
Old 07-24-2014, 09:59 AM   #2
netnix99
Member
 
Registered: Jun 2011
Distribution: redhat, CentOS, OpenBSD
Posts: 298

Rep: Reputation: 98
On NFS mounts, the local user on the client machine is not the same as a local user on any nother machine, even if the UID and GID match. In order to prevent the nobody nobody ownership on NFS mounts, you need to use a domain level authentication such as LDAP, NIS, or NIS+. This provides a single point of authentication for all machines in the domain, and the UID and GID of each user is known to all machines. This is most commonly seen when the owner of the file/data is root. Root on the client machine would not be the same as the root on the NFS server.

Make sense??

HTH
 
Old 07-24-2014, 10:06 AM   #3
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 5,387

Rep: Reputation: 397Reputation: 397Reputation: 397Reputation: 397
Quote:
Originally Posted by netnix99 View Post
On NFS mounts, the local user on the client machine is not the same as a local user on any nother machine, even if the UID and GID match. ...

Make sense??

HTH
No...

man exports:
Code:
...
 User ID Mapping
       nfsd bases its access control to files on the server machine on the uid
       and  gid  provided  in each NFS RPC request. The normal behavior a user
       would expect is that she can access her files on the server just as she
       would  on  a  normal  file system. This requires that the same uids and
       gids are used on the client and the server machine. This is not  always
       true, nor is it always desirable.

       Very  often, it is not desirable that the root user on a client machine
       is also treated as root when accessing files on the NFS server. To this
       end,  uid  0 is normally mapped to a different id: the so-called anony-
       mous or nobody uid. This mode of operation (called `root squashing') is
       the default, and can be turned off with no_root_squash.

       Here's the complete list of mapping options:

       root_squash
              Map requests from uid/gid 0 to the anonymous uid/gid. Note  that
              this  does  not  apply  to  any other uids or gids that might be
              equally sensitive, such as user bin or group staff.

       no_root_squash
              Turn off root squashing. This option is mainly useful for  disk-
              less clients.

       all_squash
              Map  all  uids  and  gids to the anonymous user. Useful for NFS-
              exported public FTP directories, news  spool  directories,  etc.
              The  opposite option is no_all_squash, which is the default set-
              ting.

       anonuid and anongid
              These options explicitly set the uid and gid  of  the  anonymous
              account.   This  option  is primarily useful for PC/NFS clients,
              where you might want all requests appear to be from one user. As
              an example, consider the export entry for /home/joe in the exam-
              ple section below, which maps all requests to uid 150 (which  is
              supposedly that of user joe).
 
Old 07-25-2014, 07:03 PM   #4
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,602

Rep: Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241
Unless I'm overlooking something, the UID being looked up is 50301.

That one isn't shown. The UIDs shown are 50300. If 50301 is not in the UID/GID files, then it WILL show up as "nobody,nobody".
 
Old 08-04-2014, 10:27 AM   #5
antriksh
Member
 
Registered: Aug 2010
Location: In my world
Distribution: Oracle Linux 6
Posts: 81

Original Poster
Rep: Reputation: 0
Thanks everyone for the reply. rpcidmapd was not started on the NFS server. After restarting the service it worked.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Facing ownership issue with NFS4 on Cento6.4 x64 bit sunnysthakur Linux - Server 5 08-08-2013 10:44 AM
NFS4 Client- /var/lib/nfs owned by root causes exploitation? dman777 Linux - Security 0 06-23-2013 11:44 PM
[SOLVED] Fedora 16 unable to NFS4 mount on client geoffleach Fedora 15 01-05-2012 04:57 PM
nfs4 - mount.nfs4: access denied by server while mounting edwin11 Linux - Networking 1 12-07-2010 11:06 AM
NFS4 mount showing wrong ownership tisource Linux - Networking 1 09-11-2006 02:02 PM


All times are GMT -5. The time now is 04:58 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration