Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 456180

Summary: Large groups mapped to nobody by rpc.idmapd
Product: Red Hat Enterprise Linux 5 Reporter: Paul Howarth <paul>
Component: nfs-utils-libAssignee: Steve Dickson <steved>
Severity: low Docs Contact:
Priority: low    
Version: 5.2CC: bpontz, dkovalsk
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-06-05 16:16:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Paul Howarth 2008-07-21 23:31:31 UTC
Description of problem:
Groups with large numbers of members are mapped by rpc.idmapd to the "nobody"
user instead of the correct group name. The problem has been discussed on the
upstream mailing list at the URL for this ticket.

Version-Release number of selected component (if applicable):

How reproducible:
Every time.


Verbosity = 9
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
Domain =


Nobody-User = nobody
Nobody-Group = nobody

Method = nsswitch

Some group entries, output from "getent group":
Domain Admins:*:512:domadmin,phowarth,troshan,mlees,gsandom

When a client does an "ls -l" for a directory containing files owned by these
groups, the "Domain Admins" and "vpcgroup" groups are mapped to the proper
names, but the "Domain Users" and "virt" groups are mapped to "nobody", as can
be seen in the server logs:

Jul 22 00:04:41 preston rpc.idmapd[21814]:  Server: (group) id "2001" -> name
Jul 22 00:06:07 preston rpc.idmapd[21814]:  Server: (group) id "513" -> name
Jul 22 00:06:36 preston rpc.idmapd[21814]:  Server: (group) id "512" -> name
Jul 22 00:20:24 preston rpc.idmapd[21814]:  Server: (group) id "5032" -> name

This is bad news when we need to use group permissions.

According to the discussion on the upstream mailing list, the problem went away
by upgrading to libnfsidmap-0.20.

Comment 1 Brian Pontz 2009-02-10 21:19:31 UTC
Same as bug #453804

Comment 3 David Kovalsky 2009-06-05 16:16:17 UTC
Indeed a dupe. 


*** This bug has been marked as a duplicate of bug 453804 ***