isi nfs exports create --map-lookup-uid option
1,910 views
Skip to first unread message
Jean-Baptiste Denis
Feb 19, 2013, 4:12:56 AM2/19/13
to isilon-u...@googlegroups.com
Hello everybody,
I'm a 6.5.5 user.
The isinfs manpage does not mention a --map-lookup-uid option but the
output of isi nfs exports create --help does. What is its purpose ?
--map-lookup-uid=<boolean> Lookup incoming UIDs locally
I guess it's like the --manage-gids option of rpc.mountd on linux ?
"Accept requests from the kernel to map user id numbers into lists
of group id numbers for use in access control. An NFS request will
normally (except when using Kerberos or other crypto‐
graphic authentication) contains a user-id and a list of
group-ids. Due to a limitation in the NFS protocol, at most 16 groups
ids can be listed. If you use the -g flag, then the list of
group ids received from the client will be replaced by
a list of group ids determined by an appropriate lookup on the server."
Jean-Baptiste
I'm a 6.5.5 user.
The isinfs manpage does not mention a --map-lookup-uid option but the
output of isi nfs exports create --help does. What is its purpose ?
--map-lookup-uid=<boolean> Lookup incoming UIDs locally
I guess it's like the --manage-gids option of rpc.mountd on linux ?
"Accept requests from the kernel to map user id numbers into lists
of group id numbers for use in access control. An NFS request will
normally (except when using Kerberos or other crypto‐
graphic authentication) contains a user-id and a list of
group-ids. Due to a limitation in the NFS protocol, at most 16 groups
ids can be listed. If you use the -g flag, then the list of
group ids received from the client will be replaced by
a list of group ids determined by an appropriate lookup on the server."
Jean-Baptiste
Peter Serocka
Feb 19, 2013, 4:43:35 AM2/19/13
to Jean-Baptiste Denis, isilon-u...@googlegroups.com
Isilon has sophisticated user and permission mapping facilities,
in particular for managing shared access through NFS and SMB on
the same data. Check: man isiauth
Peter
> --
> You received this message because you are subscribed to the Google Groups "Isilon Technical User Group" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to isilon-user-gr...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>
Peter Serocka
CAS-MPG Partner Institute for Computational Biology (PICB)
Shanghai Institutes for Biological Sciences (SIBS)
Chinese Academy of Sciences (CAS)
320 Yue Yang Rd, Shanghai 200031, China
pser...@picb.ac.cn
in particular for managing shared access through NFS and SMB on
the same data. Check: man isiauth
Peter
> You received this message because you are subscribed to the Google Groups "Isilon Technical User Group" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to isilon-user-gr...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>
Peter Serocka
CAS-MPG Partner Institute for Computational Biology (PICB)
Shanghai Institutes for Biological Sciences (SIBS)
Chinese Academy of Sciences (CAS)
320 Yue Yang Rd, Shanghai 200031, China
pser...@picb.ac.cn
Jean-Baptiste Denis
Feb 19, 2013, 4:58:18 AM2/19/13
to Peter Serocka, isilon-u...@googlegroups.com
On 02/19/2013 10:43 AM, Peter Serocka wrote:
> Isilon has sophisticated user and permission mapping facilities,
> in particular for managing shared access through NFS and SMB on
> the same data. Check: man isiauth
I don't see anything related to my initial question ?
> Isilon has sophisticated user and permission mapping facilities,
> in particular for managing shared access through NFS and SMB on
> the same data. Check: man isiauth
Peter Serocka
Feb 19, 2013, 5:17:04 AM2/19/13
to Jean-Baptiste Denis, isilon-u...@googlegroups.com
"local" (Isilon-side) uid -> groups lookups.
> --map-lookup-uid=<boolean> Lookup incoming UIDs locally
Peter
Jean-Baptiste Denis
Feb 19, 2013, 5:39:47 AM2/19/13
to Peter Serocka, isilon-u...@googlegroups.com
> That man page "explains" the manifold option for setting up
> "local" (Isilon-side) uid -> groups lookups.
I understood that. I'm already using LDAP to authenticate my users, I
> "local" (Isilon-side) uid -> groups lookups.
didn't mention that in my first message indeed.
> Yes, this should enable Isilon-side uid -> groups lookups.
I can use this option on a per-share basis to deal with the NFSv3
(without kerberos) 16 groups limit, which was my initial problem.
Regards,
Jean-Baptiste
Reply all
Reply to author
Forward
0 new messages