Softpanorama


nfsv4 mounts files and directories as nobody


Introduction

In RHEL 5 and 6 the NFSv4 implementation is rather capricious and buggy, and shares being mounted as nobody is just the tip of the iceberg. Mount also became rather capricious in NFS4: if you shut down your NFS4 server without first detaching the shares on the clients, NFS4 on the client often enters a strange state and does not recover when the server is back. It needs to be killed and started again.

Most often users face this problem with mounting as the nobody user when they upgrade Linux, because in more recent Linux versions the default for NFS is version 4, not 3. So the first thing is not to rush to solve this problem for NFS4, but to determine whether you are really benefiting from NFS4 or whether NFS3 is as good (and much more reliable). If you are not, the easiest and most reliable solution is to fall back to NFS version 3, specifying this explicitly in /etc/fstab, and forget about the problem. While the problem with nobody is definitely easily resolvable, it makes sense to resolve it only if you can benefit from NFS4. Most people don't.

This is a well-known problem with NFS version 4, and some Linux vendors have advisories on how to deal with it. Please Google for your particular distribution using a search string like "RHEL NFSV4 nobody problem", as such advisories might well be more recent and comprehensive than this page and take into account the idiosyncrasies of the particular distribution. See for example

For the amount of pain possible with this trivial bug, see the discussion at Bug 823848 – NFSv4 idmapper maps files to user nobody

The root cause

The root cause of this problem is that NFSv4 uses ID mapping to ensure permissions are set properly on exported shares. If the domains of the client and server do not match, the permissions are mapped to nobody:nobody. But RHEL goes further than that and sometimes sets permissions to nobody:nobody even if the domain is correct. In my case the problem was solved when I put the value localdomain on both server and clients.

The following output is shown in /var/log/messages when the mount has been completed and the system shows nobody:nobody as user and group permissions on directories and files:

Mar  31 11:12:00 node1 rpc.idmapd[1874]: nss_getpwnam: name 'vasp@firma.com' does not map into domain 'localdomain' 
Mar  31 11:15:20 node1 rpc.idmapd[1874]: nss_getpwnam: name 'root@firma.com' does not map into domain 'localdomain'

Troubleshooting

Two preliminary checks need to be performed to exclude other possible issues

Now you can modify /etc/idmapd.conf, setting the "Domain =" directive to the value localdomain. Red Hat recommends using the proper domain (FQDN) on both the client and the server, but that did not work for me, probably due to bugs. But putting the string localdomain worked. A really Byzantine situation, if not Kafkaesque...

So the "Domain =" directive within /etc/idmapd.conf should be modified to read:

Domain = localdomain

To put the changes into effect restart the rpcidmapd service and remount the NFSv4 filesystem:

# service rpcidmapd restart
# mount -o remount /nfs/mnt/point

On Red Hat Enterprise Linux 6 a clearing of the idmapd cache may be required:

# nfsidmap -c

You may also need to restart the idmapd process, which has an /etc/init.d control script named /etc/rpcidmapd, on both server and clients.
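
Added example (not part of the original page or of nfs-utils): a shell check that reads the Domain setting from an idmapd.conf and compares it with the domains rpc.idmapd reports as unmappable in syslog, so you can see whether the logged names still fall outside the domain you configured. The function names idmap_domain, idmap_mismatches and idmap_check and the sample data are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original page): compare the idmap Domain in
# idmapd.conf with the domains rpc.idmapd reports as unmappable in syslog.

# Print the Domain value from the [General] section of an idmapd.conf on stdin.
idmap_domain() {
    awk '
        /^[ \t]*#/ { next }                      # commented-out settings do not count
        /^[ \t]*\[/ {                            # section header such as [General]
            sect = tolower($0)
            sub(/^[ \t]*\[[ \t]*/, "", sect); sub(/[ \t]*\].*$/, "", sect)
            next
        }
        sect == "general" && /^[ \t]*[Dd]omain[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, "")
            print; exit
        }'
}

# Read syslog lines on stdin; print "count remote_domain local_domain" for each
# distinct pair found in rpc.idmapd "does not map into domain" messages.
idmap_mismatches() {
    awk -F"'" '
        /rpc\.idmapd/ && /does not map into domain/ {
            n = split($2, part, "@")             # $2 is the name, $4 the local domain
            remote = (n > 1) ? part[n] : "(none)"
            seen[remote " " $4]++
        }
        END { for (k in seen) print seen[k], k }' | sort
}

# Read syslog on stdin; return 1 if any logged name belongs to a domain other
# than DOMAIN (the value currently configured), 0 otherwise.
idmap_check() {
    bad=$(idmap_mismatches | awk -v d="$1" 'tolower($2) != tolower(d)')
    if [ -z "$bad" ]; then echo "ok: no names outside domain $1"; return 0; fi
    echo "names outside domain $1 (count remote local):"; echo "$bad"; return 1
}

# Constructed sample idmapd.conf.
SAMPLE_CONF='[General]
#Domain = local.domain.edu
Domain = localdomain

[Mapping]
Nobody-User = nobody
Nobody-Group = nobody'

# Sample syslog: the two rpc.idmapd lines quoted on this page plus one
# constructed unrelated line that must be ignored.
SAMPLE_LOG="Mar  31 11:12:00 node1 rpc.idmapd[1874]: nss_getpwnam: name 'vasp@firma.com' does not map into domain 'localdomain'
Mar  31 11:15:20 node1 rpc.idmapd[1874]: nss_getpwnam: name 'root@firma.com' does not map into domain 'localdomain'
Mar  31 11:16:02 node1 sshd[2210]: Accepted publickey for vasp from 192.0.2.10"

dom=$(printf '%s\n' "$SAMPLE_CONF" | idmap_domain)
printf '%s\n' "$SAMPLE_LOG" | idmap_check "$dom" || true
```

On a real host, feed it /etc/idmapd.conf and /var/log/messages instead of the sample variables; log lines written before a Domain change still appear, which is why idmap_check filters them against the current value.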

Old News ;-)

Centos, Amazon Linux, NFS and the dreaded nobody problem

Jan 31. 2012  | GizmoLA.com

I had previously ensured that the user UID and group GID for the user that would be writing files (in my case "apache") was the same (with the same UID and GID) on the NFS server and the servers mounting the nfs volume.

As it turned out the problem was with the configuration (or lack thereof) of the rpcidmapd service. NFS4 relies on this service to map users between machines. The "idmapd" requires that the domain of both the client and server should match for the UID/GID mapping to work, and in my case it wasn't. Probably many people with proper DNS configuration don't hit this problem, but we did not have a proper DNS setup, as these machines are part of a growing cluster. Compounding the problem I had set the configuration files to have meaningless host names rather than a domain.

You can tweak this setup by editing the: /etc/idmapd.conf file, and find the "Domain" variable:

Domain = yourdomain.com

Set these to be the same for the server and all the clients.

The last problem was that I had to restart the idmapd process, which has an /etc/init.d control script named /etc/rpcidmapd

[root@web1 init.d]# ls -lath | grep rpcid
-rwxr-xr-x 1 root root 2.7K Jul 28 2011 rpcidmapd

Restart the process on both the nfs server and any nfs clients. If the source of your problem is the same as mine, your user & group mapping problems should be solved:
 

Support NFS4 mount shows all ownership as nobody

Environment

SUSE Linux Enterprise Desktop 11

SUSE Linux Enterprise Desktop 10

SUSE Linux Enterprise Server 11

SUSE Linux Enterprise Server 10

Situation

An NFS client is successfully mounting an NFS v4 file system.  However, upon executing "ls -al," all the file user and group ownership is showing as "nobody" or as "4294967294", instead of the values that are shown when viewed directly on the remote NFS server.

Resolution

For user names to be displayed correctly, the NFS v4 server must have knowledge of the same user and group accounts as the NFS client.  If users and groups are centrally managed, this works automatically.  With previous NFS protocol versions, it was sufficient to create identical user accounts on all clients accessing an NFS server. These accounts didn't need to exist on the server itself because the files were only served by user ID.  However, with NFSv4, identity tracking has been redesigned and now uses an identity mapping daemon (idmapd).  It's crucial that server and client have access to identical account information, or idmapd cannot properly do its job and may display ownership as "nobody" or equivalent high values.

Both the NFS server and the NFS client must run idmapd and have good idmapd.conf files.  Even when the same accounts are known to both the servers and clients, idmapd configuration problems can prevent proper ownership from being displayed.

Check the /etc/idmapd.conf file.  The [General] section should have a Domain setting.  This typically matches the DNS domain name, but does not necessarily have to.  NFS servers and NFS clients which interact with each other should have their idmap domains set identically.  It can also be helpful for there to be a [Translation] section which specifies the method of translating between names and IDs.  Typically, it is best to point to nsswitch methodology.

  

So, for example, a typical idmapd.conf file might look like the following:

[General]
Verbosity=7
Pipefs-Directory=/var/lib/nfs/rpc_pipefs
Domain=test.novell2.com

[Mapping]
Nobody-User=nobody
Nobody-Group=nobody

[Translation]
Method=nsswitch
 

If changes are made to this file on any system, or if a system is already configured this way and still does not function correctly, try restarting idmapd.  On some versions of SLES (typically SLE 10) this can be done with:

rcidmapd restart

On other versions (typically SLE 11), idmapd isn't set up to stop and start independently of NFS services, so the necessary commands would be:

If the system is an NFS client:

rcnfs restart

If the system is an NFS server:

rcnfsserver restart

If the system is both an NFS server and an NFS client:

rcnfs stop
rcnfsserver stop

(repeat the above commands if messages indicate something could not be stopped or is busy)

rcnfsserver start
rcnfs start


[Oct 10, 2012] NFS4 nobody nobody problem

forums.fedoraforum.org

nfs4 idmapd.conf user mapping

--------------------------------------------------------------------------------

On 10/10/2012 07:01 PM, Greg Bailey wrote:
> On 10/10/2012 02:58 PM, Paul B Schroeder wrote:
>> On my CentOS 6.3 machine, in /etc/idmapd.conf I've updated the
>> "[Mapping]" section of the config file:
>> Nobody-User = paulbsch
>> Nobody-Group = paulbsch
>>
>> But the mapping is not working. Files still show up as being owned by
>> "nobody".
>>
>> On my Fedora 14 machine, with the exact same changes to
>> /etc/idmapd.conf, the mapping works perfectly and the files show up as
>> being owned by "paulbsch".
>>
>> On the CentOS 6.3 machine:
>> nfs-utils-1.2.3-26.el6.x86_64
>> nfs-utils-lib-1.1.5-4.el6.x86_64
>>
>> On the F14 machine:
>> nfs-utils-1.2.3-6.fc14.x86_64
>> nfs-utils-lib-1.1.5-3.fc14.x86_64
>>
>> Would anybody have any idea why this does not work on CentOS as it
>> does in F14?
>
> I'm keeping my eye on:
>
> [Bug 823848] NFSv4 idmapper maps files to user nobody
>
> https://bugzilla.redhat.com/show_bug.cgi?id=823848

>
> Some of the comments suggest a patch is needed in nfs-utils.
The temporary workaround, in the link listed there, works for now.

Thanks!

nfs4 idmapd.conf user mapping

linux-archive.org

SkipE, 30th May 2011, 06:07 PM

I have a Fedora 13 NFS server with Fedora 13 and 14 clients that have been running correctly with permissions showing proper user and group names on the client's mount points.

/etc/exports entries on the server are identical for all clients. Clients get their addresses and other information from dhcp served by dnsmasq on the local network. The dnsmasq server also supports a local domain "foo.home" (actual name changed to obscure hopefully needless detail... the point is that "/foo/home" is not in the internet's dns anywhere) that never gets seen outside the local network. The clients all believe that they are in the "foo.home" domain and dnsmasq forwards external dns queries.

I installed a new Fedora 15 on one of the client systems (new install, not upgrade) and found that the mount point on the Fedora 15 client now shows "nobody nobody" for all files.

After reading all the various google search results, I came up with the following:

Edit /etc/idmapd.conf on both client and server.

Near the top in the [General] section I uncommented the line
#Domain = local.domain.edu
and changed it to
Domain=foo.home

Restarted both server and client's rpc.idmapd.

The names on the client mount point now show up properly as they did on the fedora-13/14 clients

This is probably an indication that dnsmasq is not properly giving the clients their domain information in a fully consistent way, but that will wait for another day.

NFS4 on Ubuntu nobody-nogroup user mapping

linuxquestions.org

Hi speaker0,

There is a bug and I don't know if it is resolved or not.

https://bugs.launchpad.net/ubuntu/+s...ls/+bug/335858
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502292

There is a workaround; try that one and also update.


Code:
The problem disappears immediately, if I do

server: killall rpc.idmapd && /usr/sbin/rpc.idmapd

client: /etc/init.d/nscd restart


Recommended Links




NFSv4 mount incorrectly shows all files with ownership as nobody:nobody - Red Hat Customer Portal



Etc

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit exclusivly for research and educational purposes.   If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner. 



Copyright © 1996-2016 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License.


Last modified: October 17, 2014