This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 456180 - Large groups mapped to nobody by rpc.idmapd
Large groups mapped to nobody by rpc.idmapd
Status: CLOSED DUPLICATE of bug 453804
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: nfs-utils-lib (Show other bugs)
5.2
All Linux
low Severity low
: rc
: ---
Assigned To: Steve Dickson
http://linux-nfs.org/pipermail/nfsv4/...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-07-21 19:31 EDT by Paul Howarth
Modified: 2009-06-05 12:16 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-06-05 12:16:17 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Paul Howarth 2008-07-21 19:31:31 EDT
Description of problem:
Groups with large numbers of members are mapped by rpc.idmapd to the "nobody"
user instead of the correct group name. The problem has been discussed on the
upstream mailing list at the URL for this ticket.

Version-Release number of selected component (if applicable):
nfs-utils-lib-1.0.8-7.2.z2

How reproducible:
Every time.

idmapd.conf:
[General]

Verbosity = 9
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
Domain = uk.virtensys.com

[Mapping]

Nobody-User = nobody
Nobody-Group = nobody

[Translation]
Method = nsswitch


Some group entries, output from "getent group":
Domain Admins:*:512:domadmin,phowarth,troshan,mlees,gsandom
Domain
Users:*:513:asou,bkinsman,ctowers,fnaven,imccarth,jhowarth,lmay,mduxbury,phowarth,smarshal,tpalmer,plombard,rdrewry,troshan,estolarz,sholling,sdennis,brianw,marekp,ytchapda,dcarter,library,phodgett,tpedley,bnapaa,bjustnes,yong,aking,scarroll,clawther,wkhan,hsabert,rbuckett,mogden,paulm,salli,mlees,rhicks,iormshaw,petera,labmo,ajacketts,aroberts,amartin,rjefferson,ahoussein,pclib1,pclib2,pclib3,jnichols,scalkins,cgaudet,lab204,dirk,taylors,homeruser,labuser,jcooke,labaj,mtamblyn,mnoble,gsandom,ebeasant,hwong,magnihotri,manoj,labanalyser,jday,ghandral,pgiddi,softlib,madshead,dstanford,fzhang,bwald,rprathipati,labrat,mramachandran,vgokulrangan,djha,labuser2,labuser3,kpanah,wasp,youhee,docs
virt:*:2001:bkinsman,fnaven,imccarth,jhowarth,lmay,mduxbury,phowarth,smarshal,tpalmer,plombard,rdrewry,troshan,sdennis,brianw,marekp,ytchapda,dcarter,tpedley,bnapaa,bjustnes,aking,scarroll,clawther,wkhan,hsabert,rbuckett,mogden,paulm,salli,mlees,rhicks,iormshaw,petera,labmo,ajacketts,aroberts,amartin,rjefferson,ahoussein,pclib1,pclib2,pclib3,jnichols,scalkins,cgaudet,lab204,dirk,taylors,homeruser,labuser,jcooke,labaj,mtamblyn,mnoble,gsandom,ebeasant,hwong,magnihotri,manoj,labanalyser,jday,ghandral,pgiddi,softlib,madshead,dstanford,fzhang,bwald,rprathipati,labrat,mramachandran,vgokulrangan,djha,labuser2,labuser3,kpanah,wasp,youhee
vpcgroup:*:5032:wkhan,mnoble,rbuckett,ajacketts,dcarter,aking,brianw,troshan,mogden,scarroll,petera,salli,labmo,hwong,madshead,phowarth


When a client does an "ls -l" for a directory containing files owned by these
groups, the "Domain Admins" and "vpcgroup" groups are mapped to the proper
names, but the "Domain Users" and "virt" groups are mapped to "nobody", as can
be seen in the server logs:

Jul 22 00:04:41 preston rpc.idmapd[21814]:  Server: (group) id "2001" -> name
"nobody"
Jul 22 00:06:07 preston rpc.idmapd[21814]:  Server: (group) id "513" -> name
"nobody"
Jul 22 00:06:36 preston rpc.idmapd[21814]:  Server: (group) id "512" -> name
"Domain Admins@uk.virtensys.com"
Jul 22 00:20:24 preston rpc.idmapd[21814]:  Server: (group) id "5032" -> name
"vpcgroup@uk.virtensys.com"


This is bad news when we need to use group permissions.

According to the discussion on the upstream mailing list, the problem went away
by upgrading to libnfsidmap-0.20.
Comment 1 Brian Pontz 2009-02-10 16:19:31 EST
Same as bug #453804
Comment 3 David Kovalsky 2009-06-05 12:16:17 EDT
Indeed a dupe. 

Closing.

*** This bug has been marked as a duplicate of bug 453804 ***

Note You need to log in before you can comment on or make changes to this bug.