On 2020-09-18 16:28, Rick Macklem wrote:
> Oh, and I forgot to mention name<->id# mapping.
> If using AUTH_SYS (not kerberos), then you have the
> choice of running "nfsuserd" or setting these two sysctls to 1.
> vfs.nfs.enable_uidtostring=1
> vfs.nfsd.enable_stringtouid=1
> --> This makes the server just handle id#s (uid, gid) as numbers in
> a string. (This is the default for Linux these days although
it was
> ' frowned upon in the early days.)
>
> Running nfsuserd maps uid, gid numbers to/from names using the
> password and group databases. This must be used for Kerberos mounts.
>
> Without the above properly configured, you'll see lots of files owned
> by "nobody" on the client mounts.
Those sysctls are interesting. I wasn't aware of them and so I run
nfsuserd. What do they do, practically speaking? My understanding,
likely wrong, is that nfsuserd should allow different uid/gid
server->client mappings, possibly different for different clients.
However I still had to sync uid/gids across machines even though they
are all running nfsuserd. Didn't disable nfsuserd because... system
is working... DFWI.
Anyway, naked FreeBSD-stable nfsv4 is rock solid in a clamped down
arena with a variety of FreeBSD and Debian clients. Kudos.
Thanks,
Russell
> rick
>
> ________________________________________
> From: Rick Macklem <rmack...@uoguelph.ca>
_______________________________________________
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
