With an NFS4 mount, using /etc/idmapd.conf to map the nobody user and group to user123, files look like they should be accessible to user123 but instead give a Permission denied. The files are accessible to root.

Is there another mechanism I should be using to make these files accessible to user123? Ideally without having to request changes to how the NFS server is set up.

Here's an example of the problem I'm seeing:

user123@srv-l-002t:/mnt/import/sub$ ls -la
total 80
drwxrwxrwx 2 user123 user123 4096 Oct 25 16:06 ./
drwxrwxrwx 2 user123 user123 4096 Oct 25 16:17 ../
-rwx------ 1 user123 user123  917 Oct 25 16:05 user123-test-should-work-new-1.log*

user123@srv-l-002t:/mnt/import/sub$ stat user123-test-should-work-new-1.log 
  File: user123-test-should-work-new-1.log
  Size: 917         Blocks: 8          IO Block: 1048576 regular file
Device: 88h/136d    Inode: 562949953538881  Links: 1
Access: (0700/-rwx------)  Uid: ( 1002/   user123)   Gid: ( 1002/   user123)
Access: 2022-10-25 16:05:07.389372600 +0000
Modify: 2022-10-25 16:05:10.802138700 +0000
Change: 2022-10-25 16:05:10.802138700 +0000
 Birth: -
 
user123@srv-l-002t:/mnt/import/sub$ id
uid=1002(user123) gid=1002(user123) groups=1002(user123)

user123@srv-l-002t:/mnt/import/sub$ cat user123-test-should-work-new-1.log 
cat: user123-test-should-work-new-1.log: Permission denied

The NFS mount is simply

ip-addr:/share                              /mnt/import nfs defaults,vers=4,resvport    0 0
David
    My take on this: nobody is special: that's the "not mapped" user. So even if on the client you wish it's mapped to some user, it's still the "not mapped user". See this RFC: https://www.rfc-editor.org/rfc/rfc8881#section-5.9-8 "Users and implementations of NFSv4.1 SHOULD NOT use "nobody" to designate a real user whose access is not anonymous." – A.B Oct 26 '22 at 09:34

0 Answers
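An added example, not part of the original question or comment: a small check that reads idmapd.conf text and flags a `Nobody-User` / `Nobody-Group` fallback pointing at a real account, the situation the comment warns about, where `ls` and `stat` show an owner name that is only the client's label for an identity it could not map. The sample configuration, the `example.internal` domain and the list of conventional anonymous account names are assumptions constructed for illustration.

```python
import configparser

# Assumption: names conventionally reserved for unmapped/anonymous identities.
ANONYMOUS_NAMES = {"nobody", "nogroup", "nfsnobody"}

# Constructed sample, modelled on the setup the question describes.
SAMPLE_IDMAPD_CONF = """\
[General]
# placeholder domain, not from the original post
Domain = example.internal

[Mapping]
Nobody-User = user123
Nobody-Group = user123
"""


def fallback_identities(conf_text):
    """Return (Nobody-User, Nobody-Group) from idmapd.conf text; None if unset."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(conf_text)
    # Section names are matched case-insensitively; option names are
    # lowercased by configparser itself.
    section = next((s for s in cp.sections() if s.lower() == "mapping"), None)
    if section is None:
        return (None, None)
    return (cp[section].get("nobody-user"), cp[section].get("nobody-group"))


def audit(conf_text):
    """List findings where the fallback identity is a real account name."""
    user, group = fallback_identities(conf_text)
    findings = []
    for key, value in (("Nobody-User", user), ("Nobody-Group", group)):
        if value is not None and value.lower() not in ANONYMOUS_NAMES:
            findings.append(
                f"{key} = {value}: owners the client cannot map are shown as "
                f"'{value}', so displayed ownership does not prove access"
            )
    return findings


def owner_is_ambiguous(displayed_owner, conf_text):
    """True when the owner shown by ls/stat may be the unmapped fallback."""
    user, _ = fallback_identities(conf_text)
    return user is not None and displayed_owner == user


if __name__ == "__main__":
    for finding in audit(SAMPLE_IDMAPD_CONF):
        print("WARN:", finding)
```
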