Bug 508933
Summary: | uid/username rights mismatch using nfs4 | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Karel Volný <kvolny> |
Component: | nfs-utils | Assignee: | Steve Dickson <steved> |
Status: | CLOSED NOTABUG | QA Contact: | yanfu,wang <yanwang> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 5.3 | CC: | bfields |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-12-06 23:23:18 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Karel Volný
2009-06-30 15:14:29 UTC
Results are as expected. For NFS purposes users are identified in two ways: 1. RPC-level credentials carried in the rpc header determine "who" performs a given operation. If using auth_sys (as in the example above), those credentials will take the form of numerical uid's and gid's. If using auth_gss/krb5, the credentials will consist of cryptographic information including a context handle which can be mapped back to a krb5 principal. 2. In operations that set or query file owners and ACL entries, users and groups must be identified in the NFS operation. NFSv3 uses uid's and gid's for this, while NFSv4 uses names. So: when querying the owner attribute over NFSv4, the server correctly returns "guest@<yourdomain>" as the owner. However, the rpc credentials sent across with the operations that perform the "cat /mnt/import/foobar", above, are numerical uid's and gid's. Keep the client and server accounts in sync (either manually or using something like ldap), and this kind of problem should not happen. |