Slightly better nfs v4 support for nomadic systems

My laptop wings it's way both physically and virtually between work and home on a regular basis and in both places the network file system of choice is NFS. However the admins of the two places have not agreed what my login name is one being impersonal and numerical and the other not. The admin at home refuses to change and I'm past asking for such a thing from the admins at work.

Mostly this is not a problem beyond my fingers typing the wrong thing depending on the host I happen to be using. However there is one area where is is a right royal pain and that is NFS.

With NFS v3 and v2 you just had to make sure the numerical user ID was the same and NFS would work. The admin at home grumbled about this but the practical impact one the day. My UID at home matches my UID at work.

With NFS v4 this is no longer enough. NFS v4 passes the owner of an object not as a number but as a string of the form:


Where the nfsmapid_domain is known to nfsmapid(1M). The nfsmapid converts your UID into your login name and generates the string using that and the domain.

The problem with this is that my laptop, which since work owns it uses my work login name, when the server passes my home login name to the laptop the laptop does not understand that and converts the ownership of the file to nobody:

: principia IA 85 $; ls -la
total 10
drwxr-x--x   2 nobody   staff          2 Dec 11 12:30 .
drwxr-xr-x  51 nobody   sys           92 Dec 11 12:30 ..
: principia IA 86 $; 

Which is irritating (although oddly files created on the client in the directory while appearing to be owned by nobody on the client have the correct ownership on the server. Snoop shows that the UID is actually still used and is passed in the RPC authentication header to the server).

I asked on the nfs list on if there was any way around this and alas there is none. Not taking no for an answer I pulled the sources down and built a new nfsmapid daemon that has a directory per nfsmapid_domain which can contain two files: “user” and “group” which contain one to one key pair mappings for mapping local users and groups to remote users and groups.

: principia IA 23 $; cat /etc/nfs/nfsmapdir/
# Simple key value pairs.
# local_user remote_user
cg13442 cjg
: principia IA 24 $; 

In a full implementation it would need to also map UIDs but for my limited case it is fine. Here you can see on the laptop the directory displays as my work login and then on the server my home login:

: principia IA 25 $; ls -la
total 11
drwxr-x--x   2 cg13442  staff          3 Dec 11 15:36 .
drwxr-xr-x  51 cg13442  sys           92 Dec 11 12:30 ..
-rw-r-----   1 cg13442  staff          0 Dec 11 12:33 x
: principia IA 26 $; 
: principia IA 26 $; ssh  -x cjg@pearson ls -la $(pwd)
total 11
drwxr-x--x   2 cjg      staff          3 Dec 11 15:36 .
drwxr-xr-x  51 cjg      sys           92 Dec 11 12:30 ..
-rw-r-----   1 cjg      staff          0 Dec 11 12:33 x
: principia IA 27 $; 

There is clearly more work to do to get good nfs support for nomadic systems but at least this change gets me back to where I was with NFS v3.

The diffs are here taken directly from the mecurial repository.



-- snip -- fbuf = malloc(strlen(NFSMAPDIR) + strlen(dom) + strlen(file) + 3); -- snip -- This can be replaced with |alloca()| or C99's |char fbuf[strlen(NFSMAPDIR) + strlen(dom) + strlen(file) + 3]| because a buffer of 2\*|PATH_MAX| always fits in the stack of a userspace application (OkOk... this is not 100% correct... I have a macro for such cases which uses |malloc()| for larger buffers and VLAs (=C99 variable length arrays) for smaller ones).

Posted by Roland Mainz on December 11, 2006 at 04:57 PM GMT #

The assumption that the stack will be big enough may not hold true for threaded applications where threads often have much smaller stacks.

However there are many more things that would be better to fix here, like caching the mappings so that it only has to check if the file has changed.

Then again the bigger fix of being able to man UIDs is also required

Posted by Chris Gerhard on December 12, 2006 at 06:10 AM GMT #

Would it be possible for you to answer in your next blog entry, questions posed here: on Solaris?

Posted by James on December 20, 2006 at 09:54 AM GMT #

Post a Comment:
Comments are closed for this entry.

This is the old blog of Chris Gerhard. It has mostly moved to


« March 2015