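Fixing incorrect permission mapping after an NFS mount
Symptoms
The same users and groups were created on both the server and the clients, and the uid and gid were checked to be identical everywhere, for example usera with uid=501 and gid=501. On most clients the ownership is correct after mounting, but on a few clients the users are mapped to nobody.
Details:
Incorrect ownership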
[root@centos6 f1]# ls -l test/
总用量 4
drwxr-xr-x. 2 nobody nobody 4096 2月 21 16:19 test
-rw-r--r--. 1 nobody nobody 0 2月 27 2012 test2
-rw-r--r--. 1 nobody nobody 0 2月 21 16:20 test.log
Correct ownership
[root@centos6 f1]# ls -l test/
总用量 4
drwxr-xr-x. 2 usera usera 4096 2月 21 16:19 test
-rw-r--r--. 1 usera usera 0 2月 27 2012 test2
-rw-r--r--. 1 usera usera 0 2月 21 16:20 test.log
Solution:
[root@centos6 etc]# vi /etc/idmapd.conf
[Mapping]
Nobody-User = usera
Nobody-Group = usera
[root@centos6 etc]# service rpcidmapd restart
正在启动 RPC idmapd:[确定]
正在启动 RPC idmapd:[确定]
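Problem solved.
Cause: rpc.idmapd uses nsswitch by default to resolve users and groups, and NIS is not configured, so resolution fails and the users and groups are mapped to the nobody user and group.
The log shows the following: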
[root@centos6 ~]# rpc.idmapd -vvvv -f
rpc.idmapd: libnfsidmap: using domain: li.rq
rpc.idmapd: libnfsidmap: Realms list: 'LI.RQ'
rpc.idmapd: libnfsidmap: processing 'Method' list
rpc.idmapd: libnfsidmap: loaded plugin /usr/lib/libnfsidmap/nsswitch.so for method nsswitch
rpc.idmapd: Expiration time is 600 seconds.
rpc.idmapd: nfsdopenone: Opening /proc/net/rpc/nfs4.nametoid/channel failed: errno 2 (No such file or directory)
rpc.idmapd: New client: c
rpc.idmapd: Opened /var/lib/nfs/rpc_pipefs//nfs/clntc/idmap
rpc.idmapd: New client: d
rpc.idmapd: nfs4_name_to_uid: calling nsswitch->name_to_uid
rpc.idmapd: nss_getpwnam: name 'root@localdomain' domain 'li.rq': resulting localname '(null)'
rpc.idmapd: nss_getpwnam: name 'root@localdomain' does not map into domain 'li.rq'
rpc.idmapd: nfs4_name_to_uid: nsswitch->name_to_uid returned -22
rpc.idmapd: nfs4_name_to_uid: final return value is -22
rpc.idmapd: Client c: (user) name "root@localdomain" -> id "99"
rpc.idmapd: New client: e
rpc.idmapd: nfscb: read(/var/lib/nfs/rpc_pipefs//nfs/clntc/idmap): No such file or directory
rpc.idmapd: nfs4_name_to_gid: calling nsswitch->name_to_gid
rpc.idmapd: nfs4_name_to_gid: nsswitch->name_to_gid returned -22
rpc.idmapd: nfs4_name_to_gid: final return value is -22
rpc.idmapd: Client c: (group) name "usera@localdomain" -> id "99"
rpc.idmapd: Stale client: d
rpc.idmapd: -> closed /var/lib/nfs/rpc_pipefs//nfs/clntd/idmap
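The check below is an added example, not part of the original post: two shell functions that read verbose rpc.idmapd output like the log above and report which names carry a domain other than the local idmap domain, and which names were answered with the nobody id (99 in this log). The function names are made up for this example, and the embedded sample consists of lines copied from the log above.

```shell
#!/bin/sh
# Added example (not from the original post): summarize rpc.idmapd -vvvv output.
# Function names are made up for this example. Both functions read stdin.

# Print "<domain in name> <local idmap domain> <count>" for every lookup that
# nsswitch rejected because the name's domain differs from the local one.
idmap_domain_mismatches() {
    sed -n "s/.*name '[^@']*@\([^']*\)' does not map into domain '\([^']*\)'.*/\1 \2/p" |
        sort | uniq -c | awk '{ print $2, $3, $1 }'
}

# Print "<user|group> <name>" for every name the daemon answered with the
# fallback id passed as $1 (99, the nobody account, in the post's log).
idmap_fallbacks() {
    sed -n 's/.*(\([a-z]*\)) name "\([^"]*\)" -> id "\([0-9]*\)".*/\1 \2 \3/p' |
        awk -v nobody="$1" '$3 == nobody { print $1, $2 }'
}

# Sample input: lines copied from the log in the post.
sample_log() {
    cat <<'EOF'
rpc.idmapd: libnfsidmap: using domain: li.rq
rpc.idmapd: nfs4_name_to_uid: calling nsswitch->name_to_uid
rpc.idmapd: nss_getpwnam: name 'root@localdomain' domain 'li.rq': resulting localname '(null)'
rpc.idmapd: nss_getpwnam: name 'root@localdomain' does not map into domain 'li.rq'
rpc.idmapd: nfs4_name_to_uid: nsswitch->name_to_uid returned -22
rpc.idmapd: Client c: (user) name "root@localdomain" -> id "99"
rpc.idmapd: nfs4_name_to_gid: calling nsswitch->name_to_gid
rpc.idmapd: nfs4_name_to_gid: nsswitch->name_to_gid returned -22
rpc.idmapd: Client c: (group) name "usera@localdomain" -> id "99"
EOF
}

echo "domain mismatches (name domain, local domain, count):"
sample_log | idmap_domain_mismatches
echo "names mapped to the nobody id:"
sample_log | idmap_fallbacks 99
```

To use it on a real host, save the daemon's verbose output to a file and pipe that file into either function.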