
nfsidmap

Philippe DENIEL edited this page Oct 30, 2012 · 2 revisions

Using libnfsidmap for uid/gid resolution

NFSv4 uses "fully qualified names" instead of the numeric Unix uids/gids used in NFSv2 and NFSv3. This means that every user and group is identified by a UTF-8 string of the form "myusername@mydomain".

The kernel implementation of NFSv4 uses rpc.idmapd for this resolution. It is a user-space daemon that uses rpc_pipefs to provide the kernel with idmap resolution. Its configuration file is usually located at /etc/idmapd.conf. The architecture of this program is quite simple: it has functions for using rpc_pipefs, it uses libevent to watch for queries from this pipe, and it uses the libnfsidmap library to perform the "name <=> id" resolution. This library is usually provided with the nfs-utils package (depending on the distribution you use).

A recent modification of NFS-GANESHA makes it possible to link with libnfsidmap. You have to make sure that libnfsidmap is accessible (that is, make sure that /usr/lib/libnfsidmap.so exists on your machine, even if it is a symbolic link). Then pass --enable-nfsidmap as a ./configure option. Once compiled, NFS-GANESHA will use libnfsidmap for every required resolution.

Remember that NFS-GANESHA keeps this mapping in an internal hash table to avoid making constant requests to the resolution service, so each resolution is made only once and the result is kept for later use.

libnfsidmap requires a configuration file. The default is /etc/idmapd.conf, but you can set a different path with the key IdmapConf under the tag NFSv4:

NFSv4
{
# Set an alternative path for libnfsidmap configuration file
IdmapConf = /etc/idmap.ganesha.conf
.....
}
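
The resolve-once-then-cache behaviour described above, as an added C sketch; it is not NFS-GANESHA's code and does not call libnfsidmap. The backend_lookup() stand-in, its sample users, the case-insensitive domain comparison and the choice not to cache failures are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <sys/types.h>

#define SLOTS 64
#define MAXNAME 128
static struct { char name[MAXNAME]; uid_t uid; } cache[SLOTS];
static int backend_calls, cached;   /* resolver trips; cache entries in use */

/* Constructed stand-in for the resolver that libnfsidmap would consult. */
static int backend_lookup(const char *user, uid_t *uid)
{
    static const struct { const char *name; uid_t uid; } db[] = {
        { "alice", 1001 }, { "bob", 1002 } };   /* constructed sample users */
    backend_calls++;
    for (size_t i = 0; i < sizeof db / sizeof db[0]; i++)
        if (strcmp(db[i].name, user) == 0) { *uid = db[i].uid; return 0; }
    return -1;
}

/* 0 and *uid on success; -1 for malformed name, foreign domain, unknown user. */
int name_to_uid(const char *fqn, const char *local_domain, uid_t *uid)
{
    const char *at = strrchr(fqn, '@');
    char user[MAXNAME];
    if (!at || at == fqn || strlen(fqn) >= MAXNAME) return -1;
    if (strcasecmp(at + 1, local_domain) != 0) return -1;   /* foreign domain */
    for (int i = 0; i < cached; i++)                        /* cache hit? */
        if (strcmp(cache[i].name, fqn) == 0) { *uid = cache[i].uid; return 0; }
    snprintf(user, sizeof user, "%.*s", (int)(at - fqn), fqn);
    if (backend_lookup(user, uid) != 0) return -1;          /* failures not cached */
    if (cached < SLOTS) {                                   /* remember the result */
        strcpy(cache[cached].name, fqn);
        cache[cached++].uid = *uid;
    }
    return 0;
}

int main(void)
{
    const char *names[] = { "alice@example.com", "alice@example.com", "bob@other.org" };
    for (int i = 0; i < 3; i++) {
        uid_t uid = (uid_t)-1;
        int rc = name_to_uid(names[i], "example.com", &uid);
        printf("%s rc=%d uid=%ld backend_calls=%d\n", names[i], rc, (long)uid, backend_calls);
    }
    return 0;
}
```

A name from a foreign domain is rejected before the resolver is ever consulted, and a cached entry keeps answering with the uid it was first resolved to.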

You can avoid using libnfsidmap; in that case, use NFSv4::Domainname to set your daemon's domain name.

For the /etc/idmapd.conf syntax, refer to the nfs-utils man pages.