All of lore.kernel.org
 help / color / mirror / Atom feed
From: Steve Dickson <SteveD@RedHat.com>
To: Daniel Kobras <kobras@puzzle-itc.de>
Cc: Linux NFS Mailing list <linux-nfs@vger.kernel.org>
Subject: Re: [PATCH] exportd: server-side gid management
Date: Thu, 4 Mar 2021 16:28:38 -0500	[thread overview]
Message-ID: <5bf15701-bb19-8bba-79ad-924c7ad20f5b@RedHat.com> (raw)
In-Reply-To: <20210223161351.zzz62kuxn5bdfkqf@tuedko18.puzzle-itc.de>



On 2/23/21 11:13 AM, Daniel Kobras wrote:
> Ported manage-gids option from mountd
> 
> Signed-off-by: Daniel Kobras <kobras@puzzle-itc.de>
Committed... Thanks!

steved.
> ---
> Hi Steve!
> 
> Option --manage-gids should still be useful with NFSv4 and AUTH_SYS, but 
> commit 15dc0bead10d20c31e72ca94ce21eb66dc3528d5 does not allow to actually
> control the global variable manage_gids from exportd. I assume something
> like the following was intended?
> 
> Kind regards,
> 
> Daniel
> 
>  nfs.conf                  |  1 +
>  utils/exportd/exportd.c   |  8 +++++++-
>  utils/exportd/exportd.man | 16 ++++++++++++++++
>  3 files changed, 24 insertions(+), 1 deletion(-)
> 
> diff --git a/nfs.conf b/nfs.conf
> index bebb2e3d..e69ec16d 100644
> --- a/nfs.conf
> +++ b/nfs.conf
> @@ -31,6 +31,7 @@
>  #
>  [exportd]
>  # debug="all|auth|call|general|parse"
> +# manage-gids=n
>  # state-directory-path=/var/lib/nfs
>  # threads=1
>  [mountd]
> diff --git a/utils/exportd/exportd.c b/utils/exportd/exportd.c
> index 7130bcbf..0d7782be 100644
> --- a/utils/exportd/exportd.c
> +++ b/utils/exportd/exportd.c
> @@ -42,6 +42,7 @@ static struct option longopts[] =
>  	{ "foreground", 0, 0, 'F' },
>  	{ "debug", 1, 0, 'd' },
>  	{ "help", 0, 0, 'h' },
> +	{ "manage-gids", 0, 0, 'g' },
>  	{ "num-threads", 1, 0, 't' },
>  	{ NULL, 0, 0, 0 }
>  };
> @@ -174,6 +175,7 @@ usage(const char *prog, int n)
>  {
>  	fprintf(stderr,
>  		"Usage: %s [-f|--foreground] [-h|--help] [-d kind|--debug kind]\n"
> +"	[-g|--manage-gids]\n"
>  "	[-s|--state-directory-path path]\n"
>  "	[-t num|--num-threads=num]\n", prog);
>  	exit(n);
> @@ -188,6 +190,7 @@ read_exportd_conf(char *progname, char **argv)
>  
>  	xlog_set_debug(progname);
>  
> +	manage_gids = conf_get_bool("exportd", "manage-gids", manage_gids);
>  	num_threads = conf_get_num("exportd", "threads", num_threads);
>  
>  	s = conf_get_str("exportd", "state-directory-path");
> @@ -214,7 +217,7 @@ main(int argc, char **argv)
>  	/* Read in config setting */
>  	read_exportd_conf(progname, argv);
>  
> -	while ((c = getopt_long(argc, argv, "d:fhs:t:", longopts, NULL)) != EOF) {
> +	while ((c = getopt_long(argc, argv, "d:fghs:t:", longopts, NULL)) != EOF) {
>  		switch (c) {
>  		case 'd':
>  			xlog_sconfig(optarg, 1);
> @@ -222,6 +225,9 @@ main(int argc, char **argv)
>  		case 'f':
>  			foreground++;
>  			break;
> +		case 'g':
> +			manage_gids = 1;
> +			break;
>  		case 'h':
>  			usage(progname, 0);
>  			break;
> diff --git a/utils/exportd/exportd.man b/utils/exportd/exportd.man
> index 1d65b5e0..d7884562 100644
> --- a/utils/exportd/exportd.man
> +++ b/utils/exportd/exportd.man
> @@ -51,6 +51,21 @@ spawns.  The default is 1 thread, which is probably enough.  More
>  threads are usually only needed for NFS servers which need to handle
>  mount storms of hundreds of NFS mounts in a few seconds, or when
>  your DNS server is slow or unreliable.
> +.TP
> +.BR \-g " or " \-\-manage-gids
> +Accept requests from the kernel to map user id numbers into lists of
> +group id numbers for use in access control.  An NFS request will
> +normally (except when using Kerberos or other cryptographic
> +authentication) contain a user-id and a list of group-ids.  Due to a
> +limitation in the NFS protocol, at most 16 groups ids can be listed.
> +If you use the
> +.B \-g
> +flag, then the list of group ids received from the client will be
> +replaced by a list of group ids determined by an appropriate lookup on
> +the server. Note that the 'primary' group id is not affected so a
> +.B newgroup
> +command on the client will still be effective.  This function requires
> +a Linux Kernel with version at least 2.6.21.
>  .SH CONFIGURATION FILE
>  Many of the options that can be set on the command line can also be
>  controlled through values set in the
> @@ -63,6 +78,7 @@ configuration file.
>  Values recognized in the
>  .B [exportd]
>  section include 
> +.BR manage-gids ", and"
>  .B debug 
>  which each have the same effect as the option with the same name.
>  .SH FILES
> 


  reply	other threads:[~2021-03-04 21:29 UTC|newest]

Thread overview: 34+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-02-19 20:08 [PATCH 0/7 V4] The NFSv4 only mounting daemon Steve Dickson
2021-02-19 20:08 ` [PATCH 1/7] exportd: the initial shell of the v4 export support Steve Dickson
2021-02-19 20:08 ` [PATCH 2/7] exportd: Moved cache upcalls routines into libexport.a Steve Dickson
2021-02-23 16:13   ` [PATCH] exportd: server-side gid management Daniel Kobras
2021-03-04 21:28     ` Steve Dickson [this message]
2021-02-19 20:08 ` [PATCH 3/7] exportd: multiple threads Steve Dickson
2021-02-19 20:08 ` [PATCH 4/7] exportd/exportfs: Add the state-directory-path option Steve Dickson
2021-02-19 20:08 ` [PATCH 5/7] exportd: Enabled junction support Steve Dickson
2021-02-19 20:08 ` [PATCH 6/7] exportd: systemd unit files Steve Dickson
2021-02-19 20:08 ` [PATCH 7/7] exportd: Added config variable to compile in the NFSv4 only server Steve Dickson
2021-02-20 16:33 ` [PATCH 0/7 V4] The NFSv4 only mounting daemon Steve Dickson
2021-02-24 20:30 ` J. Bruce Fields
2021-03-02 22:33   ` Steve Dickson
2021-03-03 15:23     ` J. Bruce Fields
2021-03-03 21:22       ` Steve Dickson
2021-03-03 21:54         ` J. Bruce Fields
2021-03-03 22:07           ` Steve Dickson
2021-03-03 22:17             ` J. Bruce Fields
2021-03-04 13:57               ` Steve Dickson
2021-03-04 14:06                 ` J. Bruce Fields
2021-03-04 16:31                   ` Steve Dickson
2021-03-05 14:36                     ` J. Bruce Fields
2021-03-05 15:53                       ` Chuck Lever
2021-03-04 13:42           ` Steve Dickson
2021-03-04 14:01             ` J. Bruce Fields
2021-03-04 16:47               ` Steve Dickson
2021-03-04 21:31               ` Patrick Goetz
2021-03-04 13:34       ` Steve Dickson
2021-03-04 14:24         ` J. Bruce Fields
2021-03-04 16:20           ` Steve Dickson
2021-02-24 20:49 ` J. Bruce Fields
2021-03-02 22:39   ` Steve Dickson
2021-03-03 18:10     ` Chuck Lever
2021-03-03 21:24       ` Steve Dickson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5bf15701-bb19-8bba-79ad-924c7ad20f5b@RedHat.com \
    --to=steved@redhat.com \
    --cc=kobras@puzzle-itc.de \
    --cc=linux-nfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.