Re: Documentation regarding NFSv4

From: Russell L. Carter <rcarter_at_pinyon.org>
Date: Fri, 18 Sep 2020 17:08:05 -0700
On 2020-09-18 16:28, Rick Macklem wrote:
 > Oh, and I forgot to mention name<->id# mapping.
 > If using AUTH_SYS (not kerberos), then you have the
 > choice of running "nfsuserd" or setting these two sysctls to 1.
 > vfs.nfs.enable_uidtostring=1
 > vfs.nfsd.enable_stringtouid=1
 > --> This makes the server just handle id#s (uid, gid) as numbers in
 >         a string. (This is the default for Linux these days although 
it was
 > '       frowned upon in the early days.)
 >
 > Running nfsuserd maps uid, gid numbers to/from names using the
 > password and group databases. This must be used for Kerberos mounts.
 >
 > Without the above properly configured, you'll see lots of files owned
 > by "nobody" on the client mounts.

Those sysctls are interesting.  I wasn't aware of them and so I run
nfsuserd.  What do they do, practically speaking?  My understanding,
likely wrong, is that nfsuserd should allow different uid/gid
server->client mappings, possibly different for different clients.

However I still had to sync uid/gids across machines even though they
are all running nfsuserd.  Didn't disable nfsuserd because... system
is working... DFWI.

Anyway, naked FreeBSD-stable nfsv4 is rock solid in a clamped down
arena with a variety of FreeBSD and Debian clients.  Kudos.

Thanks,
Russell

 > rick
 >
 > ________________________________________
 > From: Rick Macklem <rmacklem_at_uoguelph.ca>
Received on Fri Sep 18 2020 - 22:08:14 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:25 UTC