Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 456180

Summary: Large groups mapped to nobody by rpc.idmapd
Product: Red Hat Enterprise Linux 5 Reporter: Paul Howarth <paul>
Component: nfs-utils-libAssignee: Steve Dickson <steved>
Status: CLOSED DUPLICATE QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: 5.2CC: bpontz, dkovalsk
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://linux-nfs.org/pipermail/nfsv4/2007-December/007328.html
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-06-05 16:16:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Paul Howarth 2008-07-21 23:31:31 UTC
Description of problem:
Groups with large numbers of members are mapped by rpc.idmapd to the "nobody"
user instead of the correct group name. The problem has been discussed on the
upstream mailing list at the URL for this ticket.

Version-Release number of selected component (if applicable):
nfs-utils-lib-1.0.8-7.2.z2

How reproducible:
Every time.

idmapd.conf:
[General]

Verbosity = 9
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
Domain = uk.virtensys.com

[Mapping]

Nobody-User = nobody
Nobody-Group = nobody

[Translation]
Method = nsswitch


Some group entries, output from "getent group":
Domain Admins:*:512:domadmin,phowarth,troshan,mlees,gsandom
Domain
Users:*:513:asou,bkinsman,ctowers,fnaven,imccarth,jhowarth,lmay,mduxbury,phowarth,smarshal,tpalmer,plombard,rdrewry,troshan,estolarz,sholling,sdennis,brianw,marekp,ytchapda,dcarter,library,phodgett,tpedley,bnapaa,bjustnes,yong,aking,scarroll,clawther,wkhan,hsabert,rbuckett,mogden,paulm,salli,mlees,rhicks,iormshaw,petera,labmo,ajacketts,aroberts,amartin,rjefferson,ahoussein,pclib1,pclib2,pclib3,jnichols,scalkins,cgaudet,lab204,dirk,taylors,homeruser,labuser,jcooke,labaj,mtamblyn,mnoble,gsandom,ebeasant,hwong,magnihotri,manoj,labanalyser,jday,ghandral,pgiddi,softlib,madshead,dstanford,fzhang,bwald,rprathipati,labrat,mramachandran,vgokulrangan,djha,labuser2,labuser3,kpanah,wasp,youhee,docs
virt:*:2001:bkinsman,fnaven,imccarth,jhowarth,lmay,mduxbury,phowarth,smarshal,tpalmer,plombard,rdrewry,troshan,sdennis,brianw,marekp,ytchapda,dcarter,tpedley,bnapaa,bjustnes,aking,scarroll,clawther,wkhan,hsabert,rbuckett,mogden,paulm,salli,mlees,rhicks,iormshaw,petera,labmo,ajacketts,aroberts,amartin,rjefferson,ahoussein,pclib1,pclib2,pclib3,jnichols,scalkins,cgaudet,lab204,dirk,taylors,homeruser,labuser,jcooke,labaj,mtamblyn,mnoble,gsandom,ebeasant,hwong,magnihotri,manoj,labanalyser,jday,ghandral,pgiddi,softlib,madshead,dstanford,fzhang,bwald,rprathipati,labrat,mramachandran,vgokulrangan,djha,labuser2,labuser3,kpanah,wasp,youhee
vpcgroup:*:5032:wkhan,mnoble,rbuckett,ajacketts,dcarter,aking,brianw,troshan,mogden,scarroll,petera,salli,labmo,hwong,madshead,phowarth


When a client does an "ls -l" for a directory containing files owned by these
groups, the "Domain Admins" and "vpcgroup" groups are mapped to the proper
names, but the "Domain Users" and "virt" groups are mapped to "nobody", as can
be seen in the server logs:

Jul 22 00:04:41 preston rpc.idmapd[21814]:  Server: (group) id "2001" -> name
"nobody"
Jul 22 00:06:07 preston rpc.idmapd[21814]:  Server: (group) id "513" -> name
"nobody"
Jul 22 00:06:36 preston rpc.idmapd[21814]:  Server: (group) id "512" -> name
"Domain Admins@uk.virtensys.com"
Jul 22 00:20:24 preston rpc.idmapd[21814]:  Server: (group) id "5032" -> name
"vpcgroup@uk.virtensys.com"


This is bad news when we need to use group permissions.

According to the discussion on the upstream mailing list, the problem went away
by upgrading to libnfsidmap-0.20.

Comment 1 Brian Pontz 2009-02-10 21:19:31 UTC
Same as bug #453804

Comment 3 David Kovalsky 2009-06-05 16:16:17 UTC
Indeed a dupe. 

Closing.

*** This bug has been marked as a duplicate of bug 453804 ***