From owner-freebsd-fs@FreeBSD.ORG Mon Oct 13 08:10:08 2014 Return-Path: Delivered-To: freebsd-fs@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 40B78EFF for ; Mon, 13 Oct 2014 08:10:08 +0000 (UTC) Received: from smtp.unix-experience.fr (62-210-206-43.rev.poneytelecom.eu [62.210.206.43]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id CA038F40 for ; Mon, 13 Oct 2014 08:10:06 +0000 (UTC) Received: from smtp.unix-experience.fr (unknown [192.168.200.21]) by smtp.unix-experience.fr (Postfix) with ESMTP id AEEE1FB8D; Mon, 13 Oct 2014 08:10:04 +0000 (UTC) X-Virus-Scanned: scanned by unix-experience.fr Received: from smtp.unix-experience.fr ([192.168.200.21]) by smtp.unix-experience.fr (smtp.unix-experience.fr [192.168.200.21]) (amavisd-new, port 10024) with ESMTP id hX_tzAewal1t; Mon, 13 Oct 2014 08:10:02 +0000 (UTC) Received: from mail.unix-experience.fr (unknown [192.168.200.1]) by smtp.unix-experience.fr (Postfix) with ESMTPSA id 8D025FB80; Mon, 13 Oct 2014 08:10:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=unix-experience.fr; s=uxselect; t=1413187802; bh=2w54PwUM+BBYaQicE+T55t2H+DA6I5YedGZBBN2WM/I=; h=Date:From:Subject:To:Cc:In-Reply-To:References; b=Zi8DDvKJBjk/yJB5feaedEZ2Z+KiuD/iPz19YP6LUBiNRD+Xd1HM7V0W6txF2hDd4 elWhMgnILXxAvpOE0FeDr9JTyOusFsxGxi64fd8K4CPTmoM6zz8dTJDkaDMlFqIEhJ qEnUoAVkZxNDwzKcLvwE96KMy85M7ickfLDkLG4g= Mime-Version: 1.0 Date: Mon, 13 Oct 2014 08:10:02 +0000 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: Quoted-Printable Message-ID: <1ffeae65b7b297266ee2d59dc0289d07@mail.unix-experience.fr> X-Mailer: RainLoop/1.6.9.161 From: "=?utf-8?B?TG/Dr2MgQmxvdA==?=" Subject: Re: NFSv4 nobody issue To: "Rick Macklem" In-Reply-To: <8ca92a8e507970c5bc3e34c31c30561e@mail.unix-experience.fr> References: <8ca92a8e507970c5bc3e34c31c30561e@mail.unix-experience.fr> <1738545148.62071361.1412941900737.JavaMail.root@uoguelph.ca> Cc: freebsd-fs@freebsd.org X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Oct 2014 08:10:08 -0000 Hi,=0Ai tryed some other things=0A=0AUser nobody (65534)=0A-> chown nobod= y /usr/jail/test.file =3D> problem=0A=0AGroup nogroup (65533)=0A-> chown = :nogroup /usr/jail/test.file =3D> same problem=0A=0AGroup nobody (65534)= =0A-> chown :nobody /usr/jail/test.file =3D> no problem=0A=0AChange user = nobody UID from 65534 to 65533 =3D> same problem. It's not a UID number p= roblem but a name problem.=0A=0AThen, user nobody and group nogroup (not = the integer values) are problematic. I looked at nfsuserd.c and i see:=0A= u_char *defaultuser =3D "nobody";=0Au_char *defaultgroup =3D "nogroup";= =0A=0AI think it's related.=0A=0ARegards,=0A=0ALo=C3=AFc Blot,=0AUNIX Sys= tems, Network and Security Engineer=0Ahttp://www.unix-experience.fr=0A=0A= 13 octobre 2014 09:15 "Lo=C3=AFc Blot" a = =C3=A9crit: =0A> Hi,=0A> of course i have it. On each node:=0A> =0A> # ca= t /etc/master.passwd | grep nobody=0A> returns:=0A> nobody:*:65534:65534:= :0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin=0A> =0A> It's why i= do a report here :)=0A> =0A> Regards,=0A> =0A> Lo=C3=AFc Blot,=0A> UNIX = Systems, Network and Security Engineer=0A> http://www.unix-experience.fr= =0A> =0A> 10 octobre 2014 13:51 "Rick Macklem" a = =C3=A9crit:=0A> =0A>> Loic Blot wrote:=0A>> =0A>>> Hello @freebsd-fs,=0A>= >> i'm trying to do jail hosting over NFSv4 with ezjail and i'm=0A>>> exp= erimenting an issue that i can't resolve. When i extract=0A>>> base.txz (= with ezjail) or i set nobody user on a file, i have this=0A>>> error:=0A>= >> =0A>>> chown nobody:nobody /usr/jails/fulljail/mnt/=0A>>> No name and/= or group mapping for uid,gid:(65534,65534)=0A>>> chown: /usr/jails/fullja= il/mnt/: Operation not permitted=0A>>> =0A>>> No problem if i set:=0A>>> = chown mysql:nobody /usr/jails/fulljail/mnt/=0A>>> =0A>>> Problem appears = on all files.=0A>> =0A>> Do you have a user by the name of "nobody" in yo= ur password database?=0A>> (NFSv4 uses names and not numbers on the wire,= so no name-->no mapping=0A>> and chown can't be done.)=0A>> =0A>> rick= =0A>> =0A>>> On my ZFS+NFSv4 server i do a dataset, exported in NFS=0A>>>= =0A>>> /etc/exports:=0A>>> V4: /=0A>>> =0A>>> zfs get sharenfs pool/jail= s:=0A>>> -network=3D10.99.99.0 -mask=3D255.255.255.0 -maproot=3Droot=0A>>= > =0A>>> nfsuserd and nfsv4_server_enable=3DYES on both client and server= , plus=0A>>> nfsbcd on client.=0A>>> =0A>>> On the client here is the fst= ab entry=0A>>> 10.99.99.99:/pool/jails /usr/jails nfs rw,nfsv4 0 0=0A>>> = =0A>>> What i'm doing wrong ?=0A>>> =0A>>> Thanks in advance=0A>>> Regard= s,=0A>>> =0A>>> Lo=C3=AFc Blot,=0A>>> UNIX Systems, Network and Security = Engineer=0A>>> http://www.unix-experience.fr =0A>>> _____________________= __________=0A>>> =0A>>> freebsd-fs@freebsd.org mailing list=0A>>> http://= lists.freebsd.org/mailman/listinfo/freebsd-fs=0A>>> To unsubscribe, send = any mail to "freebsd-fs-unsubscribe@freebsd.org"=0A> =0A> _______________= ________________=0A> =0A> freebsd-fs@freebsd.org mailing list=0A> http://= lists.freebsd.org/mailman/listinfo/freebsd-fs=0A> To unsubscribe, send an= y mail to "freebsd-fs-unsubscribe@freebsd.org"