||Home||Switchboard||Unix Administration||Red Hat||TCP/IP Networks||Neoliberalism||Toxic Managers|
|(slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and bastardization of classic Unix|
|Autofs and automountd daemon||NFS performance tuning||History||Horror Stories||Tips||Humor||Etc|
In RHEL 5 and 6 NTFv4 implementation is rather capricious and buggy. And problems with mounting share as nobody is just tip of an iceberg. Mount also became rather capricious in NFS4 and if you shutdown your NFS4 server without detaching shares on clients often NFS4 on client enters strange state, and does not recover when the server is back. It needs to be killed and started again.
Most often user face this problem with nobody user mounting when they upgrade Linux as in more recent Linux versions default for NFS is Version 4, not 3. So the first thing is not to rush to solve this problem fir NFS4, but to determine is whether you are really benefitting from NTF4 or NFS3 is as good (and much more reliable). Otherwise the easiest and the most reliable solution is to fall back to NFS version 3 specifying this explicitly in /etc/fstab and forget about the problem. While the problem with nobody is definitely easily resolvable, it make sense to resolve only if you can benefit from NFS4. Most people don't.
This is a well known problem with NFS version 4 and some Linux vendors have advisories on how to deal it it. Please Google for your particular distribution using search sting like "RHEL NFSV4 nobody problem" as such advisories might well be more recent/comprehensive then this page and take into account idiosyncrasies of the particular distribution. See for example
For amount of pain possible with this trivial bug see discussion at Bug 823848 – NFSv4 idmapper maps files to user nobody
The root cause of this problem is that
NFSv4 utilizes ID mapping to ensure permissions are set properly on exported shares.
And if the domain's of the client and server do not match then the permissions are
nobody:nobody. But RHEL goes further then that and sometimes
set permissions to nobody:nobody even if domain is correct. In my case
the problem was solved if I put the value localdomain on both server and clients.
The following output is shown in
/var/log/messages when the mount
has been completed and the system shows
nobody:nobody as user and group
permissions on directories and files:
Mar 31 11:12:00 node1 rpc.idmapd: nss_getpwnam: name 'email@example.com' does not map into domain 'localdomain' Mar 31 11:15:20 node1 rpc.idmapd: nss_getpwnam: name 'firstname.lastname@example.org' does not map into domain 'localdomain'
Two preliminary checks need to be performed to exclude other possible issues
Now you can modify the
/etc/idmapd.conf with "Domain =" directive with
value localdomain. Red Hat recommends to use the proper domain (FQDN), on both
the client and server, but it did not worked for me. Probably due to bugs. But putting string
localdomain worked. A really Byzantium situation if not Kafkaesque...
"Domain =" directive within
/etc/idmapd.conf should be modified to
Domain = localdomain
To put the changes into effect restart the
rpcidmapd service and
remount the NFSv4 filesystem:
# service rpcidmapd restart # mount -o remount /nfs/mnt/point
On Red Hat Enterprise Linux 6 a clearing of the
idmapd cache may
You may need also to restart the idmapd process, which has an /etc/init.d control script named /etc/rpcidmapd on both server and clients
# nfsidmap -c
|Bulletin||Latest||Past week||Past month||
nfs4 idmapd.conf user mapping
On 10/10/2012 07:01 PM, Greg Bailey wrote:
> On 10/10/2012 02:58 PM, Paul B Schroeder wrote:
>> On my CentOS 6.3 machine, in /etc/idmapd.conf I've updated the
>> "[Mapping]" section of the config file:
>> Nobody-User = paulbsch
>> Nobody-Group = paulbsch
>> But the mapping is not working. Files still show up as being owned by
>> On my Fedora 14 machine, with the exact same changes to
>> /etc/idmapd.conf, the mapping works perfectly and the files show up as
>> being owned by "paulbsch".
>> On the CentOS 6.3 machine:
>> On the F14 machine:
>> Would anybody have any idea why this is does not work on CentOS as it
>> does in F14?
> I'm keeping my eye on:
> [Bug 823848] NFSv4 idmapper maps files to user nobody
> Some of the comments suggest a patch is needed in nfs-utils.
The temporary workaround, in the link listed there, works for now.
linux-archive.orgSkipE30th May 2011, 06:07 PM
I have a Fedora 13 NFS server with Fedora 13 and 14 clients that have been running correctly with permissions showing proper user and group names on the client's mount points.
/etc/exports entries on the server are identical for all clients. Clients get their addresses and other information from dhcp served by dnsmasq on the local network. The dnsmasq server also supports a local domain "foo.home" (actual name changed to obscure hopefully needless detail... the point is that "/foo/home" is not in the internet's dns anywhere) that never gets seen outside the local network. The clients all believe that they are in the "foo.home" domain and dnsmasq forwards external dns queries.
I installed a new Fedora 15 on one of the client systems (new install, not upgrade) and found that the mount point on the Fedora 15 client now shows "nobody nobody" for all files.
After reading all the various google search results, I came up with the following:
Edit /etc/idmapd.conf on both client and server.
Near the top in the [General] section I uncommented the line
#Domain = local.domain.edu
and changed it to
Restarted both server and client's rpc.idmapd.
The names on the client mount point now show up properly as they did on the fedora-13/14 clients
This is probably in indication that dnsmasq is not properly giving the clients their domain information in a fully consistent way, but that will wait for another day.
There is a bug and i don't know it resolved or not.
there is workaround try that one and also update.
The problem disappears immediately, if I do
server: killall rpc.idmapd && /usr/sbin/rpc.idmapd
client: /etc/init.d/nscd restart
Jan 31. 2012 | GizmoLA.com
I had previously insured that the user UID and group GID for the user that would be writing files (in my case "apache" was the same (with the same UID and GID) on the NFS server and the servers mounting the nfs volume.
As it turned out the problem was with the configuration (or lack thereof) of the rpcidmapd service. NFS4 relies on this service to map users between machines. The "idmapd" requires that the domain of both the client and server should match for the UID/GID mapping to work, and in my case it wasn't. Probably many people with proper DNS configuration don't hit this problem, but we did not have a proper DNS setup, as these machines are part of a growing cluster. Compounding the problem I had set the configuration files to have meaningless host names rather than a domain.
You can tweak this setup by editing the: /etc/idmapd.conf file, and find the "Domain" variable:
Domain = yourdomain.com
Set these to be the same for the server and all the clients.
The last problem was that I had to restart the idmapd process, which has an /etc/init.d control script named /etc/rpcidmapd
[root@web1 init.d]# ls -lath | grep rpcid
-rwxr-xr-x 1 root root 2.7K Jul 28 2011 rpcidmapd
Restart the process on both the nfs server and any nfs clients. If the source of your problem is the same as mine, your user & group mapping problems should be solved:
SUSE Linux Enterprise Desktop 11
SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
SituationAn NFS client is successfully mounting an NFS v4 file system. However, upon executing "ls -al," all the file user and group ownership is showing as "nobody" or as "4294967294", instead of the values that are shown when viewed directly on the remote NFS server.
ResolutionFor user names to be displayed correctly, the NFS v4 server must have knowledge of the same user and group accounts as the NFS client. If users and groups are centrally managed, this works automatically. With previous NFS protocol versions, it was sufficient to create identical user accounts on all clients accessing an NFS server. These accounts didn't need to exist on the server itself because the files were only served by user ID. However, with NFSv4, identity tracking has been redesigned and now uses a identity mapping daemon (idmapd). It's crucial that server and client have access to identical account information, or idmapd cannot properly do it's job and may display ownership as "nobody" or equivalent high values.Both the NFS server and the NFS client must run idmapd and have good idmapd.conf files. Even when the same accounts are known to both the servers and clients, idmapd configuration problems can prevent proper ownership from being displayed.Check the /etc/idmapd.conf file. The [General] section should have a Domain setting. This typically matches the DNS domain name, but does not necessarily have to. NFS servers and NFS clients which interact with each other should have their idmap domains set identically. It can also be helpful for there to be a [Translation] section which specifies the method of translating between names and IDs. Typically, it is best to point to nsswitch methodology.
So, for example, a typical idmapd.conf file might look like the following:[General]
If changes are made to this file on any system, or if a system is already configured this way and still does not function correctly, try restarting idmapd. On some versions of SLES (typically SLE 10) this can be done with:rcidmapd restart On other versions (typically SLE 11), idmapd isn't setup to stop and start independently of NFS services, so the necessary commands would be:If the system is an nfs client:
If the system is an NFS server:rcnfsserver restart If the system is both an NFS server and an NFS client:
rcnfs stoprcnfsserver stop
(repeat the above commands if messages indicate something could not be stopped or is busy)rcnfsserver start
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
|Bulletin||Latest||Past week||Past month||
NFSv4 mount incorrectly shows all files with ownership as nobodynobody - Red Hat Customer Portal
Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers : Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism : The Iron Law of Oligarchy : Libertarian Philosophy
War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda : SE quotes : Language Design and Programming Quotes : Random IT-related quotes : Somerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose Bierce : Bernard Shaw : Mark Twain Quotes
Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 : Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law
Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds : Larry Wall : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOS : Programming Languages History : PL/1 : Simula 67 : C : History of GCC development : Scripting Languages : Perl history : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history
The Peter Principle : Parkinson Law : 1984 : The Mythical Man-Month : How to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite
Most popular humor pages:
Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor
The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D
Copyright © 1996-2020 by Softpanorama Society. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.
This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...
|You can use PayPal to to buy a cup of coffee for authors of this site|
Last modified: July 28, 2019