Skip Navigation Links | |
Exit Print View | |
man pages section 1M: System Administration Commands Oracle Solaris 11.1 Information Library |
- NFS user and group id mapping daemon
/usr/lib/nfs/nfsmapid
The nfsmapid daemon maps to and from NFS version 4 owner and owner_group identification attributes and local UID and GID numbers used by both the NFS version 4 client and server.
nfsmapid uses the passwd and group entries in the /etc/nsswitch.conf file to direct how it performs the mappings.
The nfsmapid daemon has no external, customer-accessible interfaces. You can, however, administratively configure nfsmapid in one of the following ways:
Specify the nfsmapid_domain parameter in the SMF for NFS using the sharectl(1M) command.
Specify the _nfsv4idmapdomain DNS resource record.
The currently selected NFSv4 domain is available in the file /var/run/nfs4_domain.
Please refer to the Oracle Solaris Administration: Network ServicesOracle Solaris Administration: Network Services for further details.
The nfsmapid service is managed by the service management facility, smf(5), under the service identifier:
svc:/network/nfs/mapid
Administrative actions on this service, such as enabling, disabling, or requesting restart, can be performed using svcadm(1M). The service's status can be queried using the svcs(1) command.
If it is disabled, it will be enabled by mount_nfs(1M), share_nfs(1M), and automountd(1M), unless its application/auto_enable property is set to false.
nfsmapid caches a user's UID and GID. If a user subsequently changes a UID or GID, using one of the utilities listed below, the nfsmapid cache becomes stale. At this point, any NFS operation that gets or set attributes will result in the exchange of this stale information. To resolve this situation, restart nfsmapid, as follows:
# svcadm restart svc:/network/nfs/mapid:default
The startup SMF parameter designating a domain name (nfsmapid_domain) can be manipulated with the sharectl(1M) command.
The setting for the NFS SMF parameter nfsmapid_domain overrides the domain used by nfsmapid for building and comparing outbound and inbound attribute strings, respectively. Also, this setting overrides any other mechanism for setting the NFSv4 domain. In the absence of a nfsmapid_domain setting, the nfsmapid daemon determines the NFSv4 domain as follows:
If a properly configured /etc/resolv.conf (see resolv.conf(4)) exists, nfsmapid queries specified nameserver(s) for the domain.
If a properly configured /etc/resolv.conf (see resolv.conf(4)) exists, but the queried name server does not have a proper record of the domain name, nfsmapid attempts to obtain the domain name through the BIND interface (see resolver(3RESOLV)).
If no /etc/resolv.conf exists, nfsmapid falls back on using the configured domain name (see domainname(1M)), which is returned with the leading domain suffix removed. For example, for widgets.sales.acme.com, sales.acme.com is returned.
If /etc/resolv.conf does not exist, no domain name has been configured (or no /etc/defaultdomain exists), nfsmapid falls back on obtaining the domain name from the host name, if the host name contains a fully qualified domain name (FQDN).
If a domain name is still not obtained following all of the preceding steps, nfsmapid will have no domain configured. This results in the following behavior:
Outbound owner and owner_group attribute strings are encoded as literal ID's. For example, the UID 12345 is encoded as 12345.
nfsmapid ignores the domain portion of the inbound attribute string and performs name service lookups only for the user or group. If the user/group exists in the local system name service databases, then the proper UID/GID will be mapped even when no domain has been configured.
This behavior implies that the same administrative user/group domain exists between NFSv4 client and server (that is, the same UID/GIDs for users/groups on both client and server). In the case of overlapping ID spaces, the inbound attribute string could potentially be mapped to the wrong id. However, this is not functionally different from mapping the inbound string to nobody, yet provides greater flexibility. See EXAMPLES, below.
The utilities that allow you to change UID and GID are:
Contains the domain name currently used by NFSv4.
Example 1 Setting Domain Name
The following command uses sharectl to set the domain name.
# sharectl set -p nfsmapid_domain=oracle.com nfs
The nfsmapid_domain property is described under NOTES, below.
Example 2 Obtaining Domain Name
The following command uses sharectl to obtain the current domain name.
# sharectl get -p nfsmapid_domain nfs nfsmapid_domain=oracle.com
See attributes(5) for descriptions of the following attributes:
|
svcs(1), automountd(1M), domainname(1M), groupdel(1M), groupmod(1M), mount_nfs(1M), svcadm(1M), share_nfs(1M), sharectl(1M), userdel(1M), usermod(1M), resolver(3RESOLV), nfs(4), resolv.conf(4), attributes(5), smf(5)
Oracle Solaris Administration: Network Services
The nfsmapid daemon might not exist in a future release of Solaris.