Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 456180 - Large groups mapped to nobody by rpc.idmapd
Summary: Large groups mapped to nobody by rpc.idmapd
Keywords:
Status: CLOSED DUPLICATE of bug 453804
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: nfs-utils-lib
Version: 5.2
Hardware: All
OS: Linux
low
low
Target Milestone: rc
: ---
Assignee: Steve Dickson
QA Contact:
URL: http://linux-nfs.org/pipermail/nfsv4/...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-07-21 23:31 UTC by Paul Howarth
Modified: 2009-06-05 16:16 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-06-05 16:16:17 UTC


Attachments (Terms of Use)

Description Paul Howarth 2008-07-21 23:31:31 UTC
Description of problem:
Groups with large numbers of members are mapped by rpc.idmapd to the "nobody"
user instead of the correct group name. The problem has been discussed on the
upstream mailing list at the URL for this ticket.

Version-Release number of selected component (if applicable):
nfs-utils-lib-1.0.8-7.2.z2

How reproducible:
Every time.

idmapd.conf:
[General]

Verbosity = 9
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
Domain = uk.virtensys.com

[Mapping]

Nobody-User = nobody
Nobody-Group = nobody

[Translation]
Method = nsswitch


Some group entries, output from "getent group":
Domain Admins:*:512:domadmin,phowarth,troshan,mlees,gsandom
Domain
Users:*:513:asou,bkinsman,ctowers,fnaven,imccarth,jhowarth,lmay,mduxbury,phowarth,smarshal,tpalmer,plombard,rdrewry,troshan,estolarz,sholling,sdennis,brianw,marekp,ytchapda,dcarter,library,phodgett,tpedley,bnapaa,bjustnes,yong,aking,scarroll,clawther,wkhan,hsabert,rbuckett,mogden,paulm,salli,mlees,rhicks,iormshaw,petera,labmo,ajacketts,aroberts,amartin,rjefferson,ahoussein,pclib1,pclib2,pclib3,jnichols,scalkins,cgaudet,lab204,dirk,taylors,homeruser,labuser,jcooke,labaj,mtamblyn,mnoble,gsandom,ebeasant,hwong,magnihotri,manoj,labanalyser,jday,ghandral,pgiddi,softlib,madshead,dstanford,fzhang,bwald,rprathipati,labrat,mramachandran,vgokulrangan,djha,labuser2,labuser3,kpanah,wasp,youhee,docs
virt:*:2001:bkinsman,fnaven,imccarth,jhowarth,lmay,mduxbury,phowarth,smarshal,tpalmer,plombard,rdrewry,troshan,sdennis,brianw,marekp,ytchapda,dcarter,tpedley,bnapaa,bjustnes,aking,scarroll,clawther,wkhan,hsabert,rbuckett,mogden,paulm,salli,mlees,rhicks,iormshaw,petera,labmo,ajacketts,aroberts,amartin,rjefferson,ahoussein,pclib1,pclib2,pclib3,jnichols,scalkins,cgaudet,lab204,dirk,taylors,homeruser,labuser,jcooke,labaj,mtamblyn,mnoble,gsandom,ebeasant,hwong,magnihotri,manoj,labanalyser,jday,ghandral,pgiddi,softlib,madshead,dstanford,fzhang,bwald,rprathipati,labrat,mramachandran,vgokulrangan,djha,labuser2,labuser3,kpanah,wasp,youhee
vpcgroup:*:5032:wkhan,mnoble,rbuckett,ajacketts,dcarter,aking,brianw,troshan,mogden,scarroll,petera,salli,labmo,hwong,madshead,phowarth


When a client does an "ls -l" for a directory containing files owned by these
groups, the "Domain Admins" and "vpcgroup" groups are mapped to the proper
names, but the "Domain Users" and "virt" groups are mapped to "nobody", as can
be seen in the server logs:

Jul 22 00:04:41 preston rpc.idmapd[21814]:  Server: (group) id "2001" -> name
"nobody"
Jul 22 00:06:07 preston rpc.idmapd[21814]:  Server: (group) id "513" -> name
"nobody"
Jul 22 00:06:36 preston rpc.idmapd[21814]:  Server: (group) id "512" -> name
"Domain Admins@uk.virtensys.com"
Jul 22 00:20:24 preston rpc.idmapd[21814]:  Server: (group) id "5032" -> name
"vpcgroup@uk.virtensys.com"


This is bad news when we need to use group permissions.

According to the discussion on the upstream mailing list, the problem went away
by upgrading to libnfsidmap-0.20.

Comment 1 Brian Pontz 2009-02-10 21:19:31 UTC
Same as bug #453804

Comment 3 David Kovalsky 2009-06-05 16:16:17 UTC
Indeed a dupe. 

Closing.

*** This bug has been marked as a duplicate of bug 453804 ***


Note You need to log in before you can comment on or make changes to this bug.