On 2020-09-18 16:28, Rick Macklem wrote: > Oh, and I forgot to mention name<->id# mapping. > If using AUTH_SYS (not kerberos), then you have the > choice of running "nfsuserd" or setting these two sysctls to 1. > vfs.nfs.enable_uidtostring=1 > vfs.nfsd.enable_stringtouid=1 > --> This makes the server just handle id#s (uid, gid) as numbers in > a string. (This is the default for Linux these days although it was > ' frowned upon in the early days.) > > Running nfsuserd maps uid, gid numbers to/from names using the > password and group databases. This must be used for Kerberos mounts. > > Without the above properly configured, you'll see lots of files owned > by "nobody" on the client mounts. Those sysctls are interesting. I wasn't aware of them and so I run nfsuserd. What do they do, practically speaking? My understanding, likely wrong, is that nfsuserd should allow different uid/gid server->client mappings, possibly different for different clients. However I still had to sync uid/gids across machines even though they are all running nfsuserd. Didn't disable nfsuserd because... system is working... DFWI. Anyway, naked FreeBSD-stable nfsv4 is rock solid in a clamped down arena with a variety of FreeBSD and Debian clients. Kudos. Thanks, Russell > rick > > ________________________________________ > From: Rick Macklem <rmacklem_at_uoguelph.ca>Received on Fri Sep 18 2020 - 22:08:14 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:25 UTC