Bug 1129792 - libnfsidmap: respect Nobody-User/Nobody-Group
Summary: libnfsidmap: respect Nobody-User/Nobody-Group
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: nfs-utils-lib
Version: 6.7
Hardware: All
OS: Linux
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Steve Dickson
QA Contact: JianHong Yin
URL:
Whiteboard:
Depends On: 1129790
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-08-13 16:52 UTC by Steve Dickson
Modified: 2019-07-12 07:34 UTC (History)
5 users (show)

Fixed In Version: nfs-utils-lib-1.1.5-10
Doc Type: Bug Fix
Doc Text:
Prior to this update, the libnfsidmap library used "nobody@DEFAULTDOMAIN" when performing name lookup, but this did not match the behavior of the rpc.idmapd daemon. As a consequence, the nfsidmap utility did not properly handle situations when "nobody@DEFAULTDOMAIN" did not directly map to any user or group on the system. With this update, libnfsidmap uses the "Nobody-User" and "Nobody-Group" values in the /etc/idmapd.conf file when the default "nobody" user and group are set, and the described problem no longer occurs.
Clone Of:
Environment:
Last Closed: 2015-07-22 06:28:01 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:1312 normal SHIPPED_LIVE nfs-utils-lib bug fix update 2015-07-20 17:53:31 UTC

Description Steve Dickson 2014-08-13 16:52:13 UTC 
Description of problem:

Previous behavior of libnfsidmap was to do a name lookup of
nobody@DEFAULTDOMAIN (for both user and group), which does not match
the behavior of rpc.idmapd.

This patch makes libnfsidmap respect Nobody-User/Nobody-Group for
lookups, thus making the nfsidmap utility properly handle the case if
nobody@DEFAULTDOMAIN does not directly map to any user/group on the
system.

How reproducible:
100%

Steps to Reproduce:
1. Uncomment Nobody-User in /etc/idmapd.conf and set it to a value
2. Do a NFSv4 mount.
3. See what value is used when there is no valid id/gid mapping

Additional info:

commit f139de79d91e7773b5b98fe5aca5570f77c7aee9
Author: Christian Seiler <christian@iwakd.de>
Date:   Wed Aug 13 12:42:14 2014 -0400

    libnfsidmap: respect Nobody-User/Nobody-Group
Comment 5 JianHong Yin 2015-02-13 01:59:51 UTC 
Verified by https://beaker.engineering.redhat.com/jobs/881544

Server:
[09:50:56 root@ ~~]# touch /home/qa/file_root
:: [   PASS   ] :: Running 'touch /home/qa/file_root' (Expected 0, got 0)
--------------------------------------------------------------------------------
[09:50:56 root@ ~~]# su -c "touch /home/qa/file_qa" qa
:: [   PASS   ] :: touch file owned by qa (Expected 0, got 0)
--------------------------------------------------------------------------------
[09:50:56 root@ ~~]# ls -l /home/qa
total 0
-rw-r--r--. 1 qa   qa   0 Feb 13 09:50 file_qa
-rw-r--r--. 1 root root 0 Feb 13 09:50 file_root
--------------------------------------------------------------------------------
[09:50:56 root@ ~~]# grep "^[^#]" /etc/idmapd.conf
[General]
Verbosity = 2
Domain = 
[Mapping]
Nobody-User = test
Nobody-Group = test
[Translation]
Method = nsswitch

Client:
[09:51:09 root@ ~~]# grep "^[^#]" /etc/idmapd.conf
[General]
Verbosity = 2
Domain = 
[Mapping]
Nobody-User = test
Nobody-Group = test
[Translation]
Method = nsswitch

[09:51:12 root@ ~~]# mount -t nfs $SERVER:/home/qa $nfsmp
:: [   PASS   ] :: Running 'mount -t nfs $SERVER:/home/qa $nfsmp' (Expected 0, got 0)
--------------------------------------------------------------------------------
[09:51:13 root@ ~~]# ls -l $nfsmp | grep "$Nobody"
-rw-r--r--. 1 test test 0 Feb 13 09:50 file_qa
              ^^^^ expected
:: [   PASS   ] :: Running 'ls -l $nfsmp | grep "$Nobody"' (Expected 0, got 0)
--------------------------------------------------------------------------------
[09:51:13 root@ ~~]# umount $nfsmp
:: [   PASS   ] :: Running 'umount $nfsmp' (Expected 0, got 0)
--------------------------------------------------------------------------------
Comment 7 errata-xmlrpc 2015-07-22 06:28:01 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1312.html
Note You need to log in before you can comment on or make changes to this bug.