Provided by: nfs-common_1.2.8-6ubuntu1.2_amd64

NAME

       nfsidmap - The NFS idmapper upcall program

SYNOPSIS

       nfsidmap [-v] [-t timeout] key desc
       nfsidmap [-v] [-c]
       nfsidmap [-v] [-u|-g|-r user]

DESCRIPTION

       The  file  /usr/sbin/nfsidmap is used by the NFS idmapper to translate user and group ids into names, and
       to translate user and group names into ids. Idmapper uses request-key to perform the upcall and cache the
       result.   /usr/sbin/nfsidmap  is  called  by  /sbin/request-key,  and  will  perform  the translation and
       initialize a key with the resulting information.

       nfsidmap can also be used to clear the keyring of all the keys or revoke one particular key.  This is
       useful when the id mappings have failed due to a lookup error, resulting in all the cached uids/gids
       being set to the user id nobody.

OPTIONS

       -c     Clear the keyring of all the keys.

       -g user
              Revoke the gid key of the given user.

       -r user
              Revoke both the uid and gid key of the given user.

       -t timeout
              Set the expiration timer, in seconds, on the key.  The default is 600 seconds (10 mins).

       -u user
              Revoke the uid key of the given user.

       -v     Increases the verbosity of the output to syslog (can be specified multiple times).

CONFIGURING

       The file /etc/request-key.conf will need to be modified so  /sbin/request-key  can  properly  direct  the
       upcall. The following line should be added before a call to keyctl negate:

       create    id_resolver    *    *    /usr/sbin/nfsidmap -t 600 %k %d

       This will direct all id_resolver requests to the program /usr/sbin/nfsidmap.  The -t 600 defines how many
       seconds into the future the key will expire.  This is an optional parameter  for  /usr/sbin/nfsidmap  and
       will default to 600 seconds when not specified.

       The idmapper system uses four key descriptions:

              uid: Find the UID for the given user
              gid: Find the GID for the given group
             user: Find the user name for the given UID
            group: Find the group name for the given GID

       You can choose to handle any of these individually, rather than using the generic upcall program.  If you
       would like to use your own program for a uid lookup then you would edit your request-key.conf so it looks
       similar to this:

       create    id_resolver    uid:*     *    /some/other/program %k %d
       create    id_resolver    *         *    /usr/sbin/nfsidmap %k %d

       Notice  that  the  new  line was added above the line for the generic program.  request-key will find the
       first matching line and run the corresponding program.  In this case, /some/other/program will handle all
       uid lookups, and /usr/sbin/nfsidmap will handle gid, user, and group lookups.
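
       The first-match rule above can be checked offline before a request-key.conf is deployed.  The
       following is an added example, not part of nfs-utils or keyutils: it resolves which program would
       handle a request and lists rules that an earlier, broader rule always preempts.  The sample files,
       the catch-all negate line, the description uid:alice and the use of fnmatch globbing in place of
       request-key's own matcher are assumptions.

```python
import fnmatch

def parse_rules(conf_text):
    """Return (lineno, op, type, description, callout, command) for each rule."""
    rules = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        fields = line.split(None, 4)      # four patterns, then the command line
        if len(fields) == 5:
            rules.append((lineno, *fields))
    return rules

def resolve_handler(conf_text, op, key_type, description, callout=""):
    """Return (lineno, program) of the first rule matching the request, or None."""
    request = (op, key_type, description, callout)
    for lineno, *patterns, command in parse_rules(conf_text):
        # Assumption: fnmatch globbing stands in for request-key's own matcher.
        if all(fnmatch.fnmatchcase(v, p) for v, p in zip(request, patterns)):
            return lineno, command.split()[0]
    return None

def shadowed_rules(conf_text):
    """Return line numbers of rules that an earlier, broader rule always preempts."""
    rules, shadowed = parse_rules(conf_text), []
    for i, (lineno, *later, _cmd) in enumerate(rules):
        for _n, *earlier, _c in rules[:i]:
            # Heuristic: the earlier pattern must match the later pattern's text.
            if all(fnmatch.fnmatchcase(lp, ep) for lp, ep in zip(later, earlier)):
                shadowed.append(lineno)
                break
    return shadowed

# Constructed sample files (the catch-all negate line is an assumed example).
GOOD = """\
create  id_resolver  uid:*  *  /some/other/program %k %d
create  id_resolver  *      *  /usr/sbin/nfsidmap %k %d
create  *            *      *  /bin/keyctl negate %k 30 %S
"""
BAD = """\
create  *            *      *  /bin/keyctl negate %k 30 %S
create  id_resolver  *      *  /usr/sbin/nfsidmap -t 600 %k %d
"""

if __name__ == "__main__":
    print(resolve_handler(GOOD, "create", "id_resolver", "uid:alice"))
    print(resolve_handler(GOOD, "create", "id_resolver", "gid:staff"))
    print(resolve_handler(BAD, "create", "id_resolver", "uid:alice"), shadowed_rules(BAD))
```

       A non-empty result from shadowed_rules means some rule can never run; for BAD, every id_resolver
       request reaches the negate line instead of /usr/sbin/nfsidmap.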

AUTHOR

       Bryan Schumaker, <bjschuma@netapp.com>

                                                 1 October 2010                                      nfsidmap(5)