NFSv4 mount incorrectly shows all files with ownership as nobody:nobody
- Red Hat Enterprise Linux 5
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 7
- NFSv4 share being exported from an NFSv4 capable NFS server
- From the client, the mounted NFSv4 share has ownership for all files and directories listed as nobody:nobody instead of the actual user that owns them on the NFSv4 server, or who created the new file and directory.
- Seeing nobody:nobody permissions on nfsv4 shares on the nfs client. Also seeing the following error in /var/log/messages:
- Modify the /etc/idmapd.conf with the proper domain (FQDN), on both the client and server. In this example, the proper domain is "example.com" so the "Domain =" directive within /etc/idmapd.conf should be modified to read:
- Note:
- If using a NetApp Filer, the NFS.V4.ID.DOMAIN parameter must be set to match the "Domain =" parameter on the client.
- If using a Solaris machine as the NFS server, the NFSMAPID_DOMAIN value in /etc/default/nfs must match the RHEL clients Domain.
- To put the changes into effect restart the rpcidmapd service and remount the NFSv4 filesystem:
- Ensure the client and server have matching UID's and GID's. It is a common misconception that the UID's and GID's can differ when using NFSv4. The sole purpose of id mapping is to map an id to a name and vice-versa. ID mapping is not intended as some sort of replacement for managing id's.
- On Red Hat Enterprise Linux 6, if the above settings have been applied and UID/GID's are matched on server and client and users are still being mapped to nobody:nobody than a clearing of the idmapd cache may be required:
- Another check, see if the passwd:, shadow: and group: settings are set correctly in the /etc/nsswitch.conf file on both Server and Client.
- By default, RHEL6.3 and newer NFS clients and servers disable idmapping when utilizing the AUTH_SYS/UNIX authentication flavor by enabling the following booleans:
- If using a NetApp filer, the options nfs.v4.id.allow_numerics on command can be used to disable idmapping. More information can be foundhere.
- With this boolean enabled, NFS clients will instead send numeric UID/GID numbers in outgoing attribute calls and NFS servers will send numeric UID/GID numbers in outgoing attribute replies.
- If NFS clients sending numeric UID/GID values in a SETATTR call receive an NFS4ERR_BADOWNER reply from the NFS server clients will re-enable idmapping and send user@domain strings for that specific mount from that point forward.
- NFSv4 utilizes ID mapping to ensure permissions are set properly on exported shares, if the domains of the client and server do not match then the permissions are mapped to nobody:nobody.
- Debugging/verbosity can be enabled by editing /etc/sysconfig/nfs:
- The following output is shown in /var/log/messages when the mount has been completed and the system shows nobody:nobody as user and group permissions on directories and files:
- Collect a tcpdump of the mount attempt:
- If a TCP packet capture has been obtained, check for a nfs.nfsstat4 packet that has returned a non-zero response equivalent to 10039 (NFSV4ERR_BADOWNER).
- From the NFSv4 RFC:
- Product(s)
- Component
- Category
- Tags
NFSv4 mount incorrectly shows all files with ownership as nobody:nobody的更多相关文章
- 10 Useful du (Disk Usage) Commands to Find Disk Usage of Files and Directories
The Linux “du” (Disk Usage) is a standard Unix/Linux command, used to check the information of disk ...
- 在NAS设备上用NFS服务为RAC数据库和集群件存储oracle文件时的mount选项
今天在家折腾自己的小实验室,把自己NAS上的一个目录用NFS挂载到一套11g RAC的实验环境中. 当我在备份数据库到NAS上时,发现一个奇怪的问题,同样的目录下,默认backup 备份集的情况,备份 ...
- DAY1 linux 50条命令
1. tar压缩,解压缩 tar -cvf *** (压缩) tar -xvf *** (解压缩) [root@bogon ~]# tar cvf test.tar test/ test/ test ...
- ocp 1Z0-042 1-60题解析
1. Because of a power outage,instance failure has occurred. From what point in the redo log does rec ...
- linux 命令中英文对照,收集
linux 命令中英文对照,收集 linux 命令英文全文 Is Linux CLI case-sensitive? The answer is, yes. If you try to run L ...
- 50个最常用的UNIX/Linux命令
转自http://get.jobdeer.com/493.get 1. tar command examples Create a new tar archive. $ tar cvf archive ...
- Sharing The Application Tier File System in Oracle E-Business Suite Release 12.2
The most current version of this document can be obtained in My Oracle Support Knowledge Document 13 ...
- Python库 - Albumentations 图片数据增强库
Python图像处理库 - Albumentations,可用于深度学习中网络训练时的图片数据增强. Albumentations 图像数据增强库特点: 基于高度优化的 OpenCV 库实现图像快速数 ...
- openshift上使用devicemapper
环境:openshift v3.6.173.0.5 openshift上devicemapper与官方文档中的描述略有不同,在官方文档的描述中,容器使用的lvm文件系统挂载在/var/lib/devi ...
随机推荐
- win端git连接私服仓库+上传本地项目+从服务器下载文件到win
win端git连接私服仓库: 1.win端 检查c:/Users/用户/.ssh/目录下是否有config文件(!!!没有任何后缀名).如果没有则新建config文件,然后修改添加如下内容: Host ...
- 获取struts迭代list在页面显示的数据
js代码: function modifyPactMoney(){ var table=$("#pactfee"); var trs=table.find("tr&quo ...
- SpringMVC - 个人对@ModelAttribute的见解 和 一些注入参数、返回数据的见解
2016-8-23修正. 因为对modelattribute这个注解不了解,所以在网上搜寻一些答案,感觉还是似懂非懂的,所以便自己测试,同时还结合网上别人的答案:最后得出我自己的见解和结果,不知道正确 ...
- 【 VSFTPD 】ftp 客户端问题
网络环境: 两个独立的内网环境,前端都有路由和防火墙的管控.要在这两个独立的内网使用ftp通过互联网进行通信. 首先,ftp server 服务端口默认修改为:2100 数据端口修改为:21000 将 ...
- Ajax 生成流文件下载(实现代码)
// 绑定导出按钮 $("#btnExport").clickCheckLogin(function () { var form = $("<form> ...
- spark热点互动问答
[Spark亚太研究院 决战云计算大数据时代 100期公益大讲堂 互动问答] Q1:我想问,hdfs的namenode挂了,怎么处理? 使用ZooKeeper: 使用Mesos: 使用Yarn: Q2 ...
- HDU 1020.Encoding-字符压缩
Encoding Time Limit: 2000/1000 MS (Java/Others) Memory Limit: 65536/32768 K (Java/Others)Total Su ...
- Codeforces 651 C. Watchmen-曼哈顿距离和欧几里得距离
C. Watchmen time limit per test 3 seconds memory limit per test 256 megabytes input standard input ...
- Dart基础
dartpad在线调试 :https://dartpad.dartlang.org 运行需要用墙 vscode执行dart 安装 安装dart插件 下载安装dart 配置环境变量 vscode新建 ...
- bufferknife框架的正确使用方式 -终于他么知道了
1.由于ButterKnife从7.x到8.x后,运行时和编译器被分开来,你还需要配置 apt ‘com.jakewharton:butterknife-compiler:8.1.0’,在projec ...