Bug 1129792

Summary: libnfsidmap: respect Nobody-User/Nobody-Group
Product: Red Hat Enterprise Linux 6 Reporter: Steve Dickson <steved>
Component: nfs-utils-libAssignee: Steve Dickson <steved>
Status: CLOSED ERRATA QA Contact: JianHong Yin <jiyin>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.7CC: eguan, fs-qe, jherrman, salmy, yoyang
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: nfs-utils-lib-1.1.5-10 Doc Type: Bug Fix
Doc Text:
Prior to this update, the libnfsidmap library used "nobody@DEFAULTDOMAIN" when performing name lookup, but this did not match the behavior of the rpc.idmapd daemon. As a consequence, the nfsidmap utility did not properly handle situations when "nobody@DEFAULTDOMAIN" did not directly map to any user or group on the system. With this update, libnfsidmap uses the "Nobody-User" and "Nobody-Group" values in the /etc/idmapd.conf file when the default "nobody" user and group are set, and the described problem no longer occurs.
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-07-22 06:28:01 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 1129790    
Bug Blocks:    

Description Steve Dickson 2014-08-13 16:52:13 UTC
Description of problem:

Previous behavior of libnfsidmap was to do a name lookup of
nobody@DEFAULTDOMAIN (for both user and group), which does not match
the behavior of rpc.idmapd.

This patch makes libnfsidmap respect Nobody-User/Nobody-Group for
lookups, thus making the nfsidmap utility properly handle the case if
nobody@DEFAULTDOMAIN does not directly map to any user/group on the

How reproducible:

Steps to Reproduce:
1. Uncomment Nobody-User in /etc/idmapd.conf and set it to a value
2. Do a NFSv4 mount.
3. See what value is used when there is no valid id/gid mapping

Additional info:

commit f139de79d91e7773b5b98fe5aca5570f77c7aee9
Author: Christian Seiler <christian@iwakd.de>
Date:   Wed Aug 13 12:42:14 2014 -0400

    libnfsidmap: respect Nobody-User/Nobody-Group

Comment 5 JianHong Yin 2015-02-13 01:59:51 UTC
Verified by https://beaker.engineering.redhat.com/jobs/881544

[09:50:56 root@ ~~]# touch /home/qa/file_root
:: [   PASS   ] :: Running 'touch /home/qa/file_root' (Expected 0, got 0)
[09:50:56 root@ ~~]# su -c "touch /home/qa/file_qa" qa
:: [   PASS   ] :: touch file owned by qa (Expected 0, got 0)
[09:50:56 root@ ~~]# ls -l /home/qa
total 0
-rw-r--r--. 1 qa   qa   0 Feb 13 09:50 file_qa
-rw-r--r--. 1 root root 0 Feb 13 09:50 file_root
[09:50:56 root@ ~~]# grep "^[^#]" /etc/idmapd.conf
Verbosity = 2
Domain = 
Nobody-User = test
Nobody-Group = test
Method = nsswitch

[09:51:09 root@ ~~]# grep "^[^#]" /etc/idmapd.conf
Verbosity = 2
Domain = 
Nobody-User = test
Nobody-Group = test
Method = nsswitch

[09:51:12 root@ ~~]# mount -t nfs $SERVER:/home/qa $nfsmp
:: [   PASS   ] :: Running 'mount -t nfs $SERVER:/home/qa $nfsmp' (Expected 0, got 0)
[09:51:13 root@ ~~]# ls -l $nfsmp | grep "$Nobody"
-rw-r--r--. 1 test test 0 Feb 13 09:50 file_qa
              ^^^^ expected
:: [   PASS   ] :: Running 'ls -l $nfsmp | grep "$Nobody"' (Expected 0, got 0)
[09:51:13 root@ ~~]# umount $nfsmp
:: [   PASS   ] :: Running 'umount $nfsmp' (Expected 0, got 0)

Comment 7 errata-xmlrpc 2015-07-22 06:28:01 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.