{"id":21,"date":"2007-09-10T00:08:02","date_gmt":"2007-09-10T07:08:02","guid":{"rendered":"http:\/\/www.kernelcrash.com\/blog\/2007\/09\/10\/nfs-uidgid-mapping\/"},"modified":"2013-04-23T11:19:39","modified_gmt":"2013-04-23T11:19:39","slug":"nfs-uidgid-mapping","status":"publish","type":"post","link":"https:\/\/www.kernelcrash.com\/blog\/nfs-uidgid-mapping\/2007\/09\/10\/","title":{"rendered":"NFS uid\/gid mapping"},"content":{"rendered":"<p><em>UPDATE: The following post is referring to the user-mode NFS server that some linux distributions had when I wrote the post back in 2007. Now (2013), most distro&#8217;s just use the kernel based NFS server, which does not include the uid\/gid remapping as far as I am aware.<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>My debian etch box is a file server amongst other things and generally I<br \/>\nuse NFS to mount its directories on other linux boxes, and as per an<br \/>\nearlier post I also mount these directories on the MacMini.<\/p>\n<p>Generally access is read only, but I noticed my write access didn&#8217;t work<br \/>\nat all. I kept on getting permission denied errors. Of course, it was<br \/>\nbecause my uids and gids did not match up between client and server. Now the linux user mode NFS server (which is what I run) has a uid\/gid remapping facility. I first<br \/>\ntried something like this in \/etc\/exports:<\/p>\n<p>\/somedir 10.1.2.0\/255.255.255.0 (rw,insecure,map_static=\/etc\/nfs.map)<\/p>\n<p>And set up my \/etc\/nfs.map file as :<\/p>\n<p># remote local<br \/>\ngid 500 1000<br \/>\nuid 500 2003<\/p>\n<p>So that means that if the client is uid 500, that it gets remapped to<br \/>\nuid 2003 on the server. And gid 500 on the client gets mapped to 1000 on<br \/>\nthe server.<\/p>\n<p>I tried it and it didn&#8217;t work.<\/p>\n<p>Then I read that if you use subnet matching then some stuff doesn&#8217;t<br \/>\nwork, so attempt two using the explicit IP of one of my clients:<\/p>\n<blockquote><p><code>\/somedir 10.1.2.1(rw,insecure,map_static=\/etc\/nfs.map)<\/code><\/p><\/blockquote>\n<p>Stopped and started the NFS server and mounted on the client (linux at<br \/>\nthis stage) and it all worked.<\/p>\n<p>Then I added some entries into the map for the MacMini.And had my<br \/>\n\/etc\/exports as:<\/p>\n<blockquote><p><code>\/somedir 10.1.2.1 (rw,insecure,map_static=\/etc\/nfs.map)<br \/>\n10.1.2.2(rw,insecure,map_static=\/etc\/nfs.map)<\/code><\/p><\/blockquote>\n<p>and my new \/etc\/nfs.map looked like:<\/p>\n<p># remote local<br \/>\ngid 500 1000 # linux client<br \/>\nuid 500 2003 # linux client<br \/>\ngid 501 1000 # Mac client<br \/>\nuid 501 2003 # Mac client<\/p>\n<p>That didn&#8217;t work. Well it worked on one of the clients, but not the<br \/>\nother. I think the mapping clashed, so I ended up having separate maps<br \/>\nfor each client:<\/p>\n<p>\/somedir 10.1.2.1 (rw,insecure,map_static=\/etc\/nfs.map.linux)<br \/>\n10.1.2.2(rw,insecure,map_static=\/etc\/nfs.map.mac)<\/p>\n<p>And split that nfs.map file appropriately.<\/p>\n<p>Now it all worked.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>UPDATE: The following post is referring to the user-mode NFS server that some linux distributions had when I wrote the post back in 2007. Now (2013), most distro&#8217;s just use the kernel based NFS server, which does not include the uid\/gid remapping as far as I am aware. &nbsp; My debian etch box is a [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,4],"tags":[],"class_list":["post-21","post","type-post","status-publish","format-standard","hentry","category-linux","category-mac"],"_links":{"self":[{"href":"https:\/\/www.kernelcrash.com\/blog\/wp-json\/wp\/v2\/posts\/21","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kernelcrash.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kernelcrash.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kernelcrash.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kernelcrash.com\/blog\/wp-json\/wp\/v2\/comments?post=21"}],"version-history":[{"count":2,"href":"https:\/\/www.kernelcrash.com\/blog\/wp-json\/wp\/v2\/posts\/21\/revisions"}],"predecessor-version":[{"id":694,"href":"https:\/\/www.kernelcrash.com\/blog\/wp-json\/wp\/v2\/posts\/21\/revisions\/694"}],"wp:attachment":[{"href":"https:\/\/www.kernelcrash.com\/blog\/wp-json\/wp\/v2\/media?parent=21"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kernelcrash.com\/blog\/wp-json\/wp\/v2\/categories?post=21"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kernelcrash.com\/blog\/wp-json\/wp\/v2\/tags?post=21"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}