NFS4 does group membership have to be manually synchronised between hosts?

Question

I have NFS4 correctly mapping user and group IDs (using idmapd).

Does group membership have to be synchronised across hosts manually or is it handled by idmapd or NFS itself?

Example:

# server users
alice:1000
bob:1001

# server groups
staff:7777:alice,bob

# client users
alice:2000
bob:2001

Is it sufficient to declare the staff group on the client like this:

# client groups
staff:7777:

Or do I have to keep the group membership up to date across the hosts myself?

Thanks.

score 0 · Answer 1 · answered Apr 24 '13 at 19:11

The correct membership on the server side is sufficient to access the files and directories. Nevertheless, NFS client can make assumptions based on the local credentials and give a false DENY. IOW, it's not required to keep groups on client and server in sync, but it helps to prevent bad surprises.

NFS4 does group membership have to be manually synchronised between hosts?

1 Answers1