Today I finally learned how to solve the NFS UID problem on Ubuntu.

You see, NFS normally does its permissions by numeric UID. If the UIDs on two different machines don’t match, then NFS permission checking doesn’t work; you don’t get access to your own files, and you might get access to somebody else’s files instead!

Ubuntu, of course, has no standard UIDs, not even for system services. So my four Ubuntu boxes here each have different username <> UID maps.

Enter the ugidd package, which is an RPC daemon that runs on the client. The NFS server calls this daemon when a mount request comes in, and dynamically builds a UID map between the server and the client, based on the string usernames. As a side effect, it also seems to map user IDs that are not assigned on the client to ‘nobody’. In this way, the NFS server can map UIDs between systems, without the administrator (that’s me!) maintaining static map files.

The one downside is that this feature requires the user-space NFS server instead of the kernel NFS server, so performance suffers a bit. I have CPU to spare, though!

Now I can use NFS between my MythTV boxes :-)
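To see the mismatch described above on your own machines, the following added example (not part of the original post and not ugidd's code) compares two hosts' passwd data, reports which users would lose their own files or act as someone else under raw numeric-UID checking, and models the name-based map the post describes. The passwd excerpts, the function names and the `nobody` UID of 65534 are assumptions made for the illustration.

```python
# Added example: audit two hosts' passwd data for NFS UID mismatches.
# Constructed sample passwd excerpts (not taken from the post).
SERVER_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
mythtv:x:109:118::/var/lib/mythtv:/bin/sh
carol:x:1002:1002::/home/carol:/bin/bash
"""
CLIENT_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bob:x:1000:1000::/home/bob:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
mythtv:x:112:120::/var/lib/mythtv:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
"""

def parse_passwd(text):
    """Return {username: uid} from passwd-format text, skipping bad lines."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            users[fields[0]] = int(fields[2])
    return users

def audit(server, client):
    """Classify what raw numeric-UID checking does to each client user."""
    server_by_uid = {uid: name for name, uid in server.items()}
    lost, crossed = [], []
    for name, uid in sorted(client.items()):
        owner = server_by_uid.get(uid)
        if name in server and server[name] != uid:
            lost.append(name)              # own files sit under another UID
        if owner is not None and owner != name:
            crossed.append((name, owner))  # client user is seen as `owner`
    return lost, crossed

def name_based_map(server, client, nobody=65534):
    """Server UID -> client UID matched by username; unknown names -> nobody."""
    return {uid: client.get(name, nobody) for name, uid in server.items()}

if __name__ == "__main__":
    server, client = parse_passwd(SERVER_PASSWD), parse_passwd(CLIENT_PASSWD)
    print(audit(server, client))
    print(name_based_map(server, client))
```

To audit real hosts, feed `parse_passwd` the output of `getent passwd` from each machine instead of the sample strings.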

posted at 12:56 pm on Wednesday, March 12, 2008 in Personal, Security | Comments Off on rpc.ugidd
