Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

nfsidmap(5) [debian man page]

nfsidmap(5)							File Formats Manual						       nfsidmap(5)

NAME

       nfsidmap - The NFS idmapper upcall program

SYNOPSIS

       nfsidmap [-v] [-t timeout] key desc
       nfsidmap [-v] [-c]
       nfsidmap [-v] [-u|-g|-r user]

DESCRIPTION

       The  file  /usr/sbin/nfsidmap is used by the NFS idmapper to translate user and group ids into names, and to translate user and group names
       into ids. Idmapper uses request-key to perform the upcall and cache the result.	/usr/sbin/nfsidmap is  called  by  /sbin/request-key,  and
       will perform the translation and initialize a key with the resulting information.

       nfsidmap  can also used to clear the keyring of all the keys or revoke one particular key.  This is useful when the id mappings have failed
       to due to a lookup error resulting in all the cached uids/gids to be set to the user id nobody.

OPTIONS

       -c     Clear the keyring of all the keys.

       -g user
	      Revoke the gid key of the given user.

       -r user
	      Revoke both the uid and gid key of the given user.

       -t timeout
	      Set the expiration timer, in seconds, on the key.  The default is 600 seconds (10 mins).

       -u user
	      Revoke the uid key of the given user.

       -v     Increases the verbosity of the output to syslog (can be specified multiple times).

CONFIGURING

       The file /etc/request-key.conf will need to be modified so /sbin/request-key can properly direct the upcall. The following line	should	be
       added before a call to keyctl negate:

       create	 id_resolver	*    *	  /usr/sbin/nfsidmap -t 600 %k %d

       This  will  direct all id_resolver requests to the program /usr/sbin/nfsidmap.  The -t 600 defines how many seconds into the future the key
       will expire.  This is an optional parameter for /usr/sbin/nfsidmap and will default to 600 seconds when not specified.

       The idmapper system uses four key descriptions:

	      uid: Find the UID for the given user
	      gid: Find the GID for the given group
	     user: Find the user name for the given UID
	    group: Find the group name for the given GID

       You can choose to handle any of these individually, rather than using the generic upcall program.  If you would like to use your  own  pro-
       gram for a uid lookup then you would edit your request-key.conf so it looks similar to this:

       create	 id_resolver	uid:*	  *    /some/other/program %k %d
       create	 id_resolver	*	  *    /usr/sbin/nfsidmap %k %d

       Notice  that the new line was added above the line for the generic program.  request-key will find the first matching line and run the cor-
       responding program.  In this case, /some/other/program will handle all uid lookups, and /usr/sbin/nfsidmap will handle gid, user, and group
       lookups.

AUTHOR

       Bryan Schumaker, <bjschuma@netapp.com>

								  1 October 2010						       nfsidmap(5)

Check Out this Related Man Page

CIFS.IDMAP(8)						    System Administration tools 					     CIFS.IDMAP(8)

NAME

       cifs.idmap - Userspace helper for mapping ids for Common Internet File System (CIFS)

SYNOPSIS

       cifs.idmap [--help|-h] [--timeout|-t] [--version|-v] {keyid}

DESCRIPTION

       This tool is part of the cifs-utils suite.

       cifs.idmap is a userspace helper program for the linux CIFS client filesystem. There are a number of activities that the kernel cannot
       easily do itself. This program is a callout program that does these things for the kernel and then returns the result.

       cifs.idmap is generally intended to be run when the kernel calls request-key(8) for a particular key type. While it can be run directly
       from the command-line, it is not generally intended to be run that way.

       This program is only called if a share is mounted with the cifsacl mount option. The kernel will only upcall to do this conversion if that
       mount option is specified.

       cifs.idmap relies on a plugin to handle the ID mapping. If it can't find the plugin then it will not work properly. The plugin (or a
       symlink to it) must be at /etc/cifs-utils/idmap-plugin.

       In the case where cifs.idmap or the plugin are unavailable, file objects in a mounted share are assigned uid and gid of the credentials of
       the process that mounted the share. It is strongly recomemended to use mount options of uid and gid to specify a default uid and gid to map
       owner SIDs and group SIDs in this situation.

OPTIONS

       --help|-h
	      Print the usage message and exit.

       --timeout|-t
	   Set the expiration timer, in seconds on the key. The default is 600 seconds (10 minutes). Setting this to 0 will cause the key to never
	   expire.

       --version|-v
	   Print version number and exit.

CONFIGURATION FOR KEYCTL

       cifs.idmap is designed to be called from the kernel via the request-key callout program. This requires that request-key be told where and
       how to call this program. Currently cifs.idmap handles a key type of:

       cifs.idmap
	   This keytype is for mapping a SID to either an uid or a gid

       To make this program useful for CIFS, you will need to set up entry for it in request-key.conf(5). Here is an example of an entry for this
       key type:

	   #OPERATION  TYPE	      D C PROGRAM ARG1 ARG2...
	   #=========  =============  = = ================================
	   create      cifs.idmap     * * /usr/sbin/cifs.idmap %k

       See request-key.conf(5) for more info on each field.

NOTES

       Support for upcalls to cifs.idmap was initially introduced in the 3.0 kernel.

SEE ALSO

       request-key.conf(5), mount.cifs(8)

AUTHOR

       Shirish Pargaonkar wrote the cifs.idmap program.

       The Linux CIFS Mailing list is the preferred place to ask questions regarding these programs.

cifs-utils							    05/26/2011							     CIFS.IDMAP(8)
Man Page