~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/Documentation/admin-guide/nfs/nfs-idmapper.rst

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /Documentation/admin-guide/nfs/nfs-idmapper.rst (Version linux-6.12-rc7) and /Documentation/admin-guide/nfs/nfs-idmapper.rst (Version linux-4.18.20)


  1 =============                                     
  2 NFS ID Mapper                                     
  3 =============                                     
  4                                                   
  5 Id mapper is used by NFS to translate user and    
  6 translate user and group names into ids.  Part    
  7 performing an upcall to userspace to request t    
  8 ways NFS could obtain this information: placin    
  9 or by placing a call to the rpc.idmap daemon.     
 10                                                   
 11 NFS will attempt to call /sbin/request-key fir    
 12 result will be cached using the generic reques    
 13 only fail if /etc/request-key.conf is not conf    
 14 type, see the "Configuring" section below if y    
 15 method.                                           
 16                                                   
 17 If the call to /sbin/request-key fails (if /et    
 18 configured with the id_resolver key type), the    
 19 legacy rpc.idmap daemon for the id mapping.  T    
 20 in a custom NFS idmap cache.                      
 21                                                   
 22                                                   
 23 Configuring                                       
 24 ===========                                       
 25                                                   
 26 The file /etc/request-key.conf will need to be    
 27 direct the upcall.  The following line should     
 28                                                   
 29 ``#OP   TYPE    DESCRIPTION     CALLOUT INFO      
 30 ``#======       ======= =============== ======    
 31 ``create        id_resolver     *       *         
 32                                                   
 33                                                   
 34 This will direct all id_resolver requests to t    
 35 The last parameter, 600, defines how many seco    
 36 expire.  This parameter is optional for /usr/s    
 37 is not specified, nfs.idmap will default to 60    
 38                                                   
 39 id mapper uses for key descriptions::             
 40                                                   
 41           uid:  Find the UID for the given use    
 42           gid:  Find the GID for the given gro    
 43          user:  Find the user  name for the gi    
 44         group:  Find the group name for the gi    
 45                                                   
 46 You can handle any of these individually, rath    
 47 program.  If you would like to use your own pr    
 48 would edit your request-key.conf so it look si    
 49                                                   
 50 ``#OP   TYPE    DESCRIPTION     CALLOUT INFO      
 51 ``#======       ======= =============== ======    
 52 ``create        id_resolver     uid:*   *         
 53 ``create        id_resolver     *       *         
 54                                                   
 55                                                   
 56 Notice that the new line was added above the l    
 57 request-key will find the first matching line     
 58 this case, /some/other/program will handle all    
 59 /usr/sbin/nfs.idmap will handle gid, user, and    
 60                                                   
 61 See Documentation/security/keys/request-key.rs    
 62 about the request-key function.                   
 63                                                   
 64                                                   
 65 nfs.idmap                                         
 66 =========                                         
 67                                                   
 68 nfs.idmap is designed to be called by request-    
 69 hand".  This program takes two arguments, a se    
 70 description.  The serialized key is first conv    
 71 then passed as an argument to keyctl_instantia    
 72                                                   
 73 The actual lookups are performed by functions     
 74 determines the correct function to call by loo    
 75 description string.  For example, a uid lookup    
 76 "uid:user@domain".                                
 77                                                   
 78 nfs.idmap will return 0 if the key was instant    
                                                      

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php