From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.6 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 12BB1C282DD for ; Fri, 10 Jan 2020 23:25:23 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id DD1B72084D for ; Fri, 10 Jan 2020 23:25:22 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="G1a9qXEt" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727647AbgAJXZG (ORCPT ); Fri, 10 Jan 2020 18:25:06 -0500 Received: from mail-qv1-f51.google.com ([209.85.219.51]:45178 "EHLO mail-qv1-f51.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727701AbgAJXZF (ORCPT ); Fri, 10 Jan 2020 18:25:05 -0500 Received: by mail-qv1-f51.google.com with SMTP id l14so1584794qvu.12; Fri, 10 Jan 2020 15:25:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=H+ZY7mgwtaDq8KuNs5XppAH1no6Df53vnlu2/x+Z9PQ=; b=G1a9qXEtwVi0udBWdjEfIDOV+7+LYNi0HI0nlET9Jda6nxu0OPAgHaKpT8IGNYRMRp DaZBguNfKF0TzKGDD0xJSFxWX4yYtde/CqbTidE4nRuZClnxdOE4+J5gTkRSdLJMpgsi YGmtcO08AW5JJDzB2ixBmrWl30pQ3FeuzJuBmtiVxgbKrh0w+P6IKx0+a2wWNc7/117d ti3dU73JBXdXQnOMqpvwojeUXRJgjgzNIhpbxUfxYpiy/1wlc0RG45WvnwOteEdHEwhk K/10fv2BtfBmvuPFAOcXO3cjAYmWImsFsPlZedkOGIz4qKtQJjmkqe7iAUw3QdQOz2Wq aylA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=H+ZY7mgwtaDq8KuNs5XppAH1no6Df53vnlu2/x+Z9PQ=; b=O0514OWrvFzyMKhbWqbOo6vvwGiw/A0/9KiO4eOdFyo9Wej15cGKQKodan4VRlleX8 h/wmbLm8ZgaJz6JlV5gpJHyS6MfZlxQxx0hOYRtMZNlZFRPztnd5x/iBWWrXkyM7HX4F lyw3Q54nkrp2eA8tPRgoyQFM43WjxSbkLr2FOHApZzPnko3u8WQF/Wsa93ZztbCEsC/+ Nux6ySifPBw1d5aB88Tq304VGpkLBSGbHA/922MnVw3hLsizywzm4jhtBxczZzQfRo7v gOLiFSj+1hGfYL+nuO8RT9StT1Q3iQ6G9TIS6WGFbAb/T6KeCh3KthbAXtBQE6CTjIF3 if0A== X-Gm-Message-State: APjAAAXcottWnN+OEnkMNfPy13lhVJbL6vMirjOVBFVTXGCR1uhts2uf uUfap9lWfoOA+Iz1aLXY4Uc= X-Google-Smtp-Source: APXvYqywaxv/4W61MsXR0lXk/r/G7UGTH2VvMTlVbJLSlyaH9W7LZanEPioETxq8v7L7Q7M6jDGsYg== X-Received: by 2002:a0c:a998:: with SMTP id a24mr1145404qvb.11.1578698704116; Fri, 10 Jan 2020 15:25:04 -0800 (PST) Received: from localhost.localdomain ([2804:14d:72b1:8920:a2ce:f815:f14d:bfac]) by smtp.gmail.com with ESMTPSA id i2sm1774752qte.87.2020.01.10.15.25.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 10 Jan 2020 15:25:03 -0800 (PST) From: "Daniel W. S. Almeida" X-Google-Original-From: Daniel W. S. Almeida To: mchehab+samsung@kernel.org, corbet@lwn.net Cc: "Daniel W. S. Almeida" , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, skhan@linuxfoundation.org, linux-kernel-mentees@lists.linuxfoundation.org Subject: [PATCH v4 6/9] Documentation: nfs: idmapper: convert to ReST Date: Fri, 10 Jan 2020 20:24:28 -0300 Message-Id: <069e40cd551ea778538f8fe9ad15ee26e45fc748.1578697871.git.dwlsalmeida@gmail.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-doc-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-doc@vger.kernel.org From: "Daniel W. S. Almeida" Convert idmapper.txt to ReST and move it to admin-guide. Content remains mostly unchanged otherwise. Signed-off-by: Daniel W. S. Almeida --- Documentation/admin-guide/nfs/index.rst | 1 + .../nfs/nfs-idmapper.rst} | 31 ++++++++++--------- 2 files changed, 18 insertions(+), 14 deletions(-) rename Documentation/{filesystems/nfs/idmapper.txt => admin-guide/nfs/nfs-idmapper.rst} (81%) diff --git a/Documentation/admin-guide/nfs/index.rst b/Documentation/admin-guide/nfs/index.rst index e0b2f4260ad7..8376d5225fc2 100644 --- a/Documentation/admin-guide/nfs/index.rst +++ b/Documentation/admin-guide/nfs/index.rst @@ -9,3 +9,4 @@ NFS nfsroot nfs-rdma nfsd-admin-interfaces + nfs-idmapper diff --git a/Documentation/filesystems/nfs/idmapper.txt b/Documentation/admin-guide/nfs/nfs-idmapper.rst similarity index 81% rename from Documentation/filesystems/nfs/idmapper.txt rename to Documentation/admin-guide/nfs/nfs-idmapper.rst index b86831acd583..58b8e63412d5 100644 --- a/Documentation/filesystems/nfs/idmapper.txt +++ b/Documentation/admin-guide/nfs/nfs-idmapper.rst @@ -1,7 +1,7 @@ +============= +NFS ID Mapper +============= -========= -ID Mapper -========= Id mapper is used by NFS to translate user and group ids into names, and to translate user and group names into ids. Part of this translation involves performing an upcall to userspace to request the information. There are two @@ -20,22 +20,24 @@ legacy rpc.idmap daemon for the id mapping. This result will be stored in a custom NFS idmap cache. -=========== Configuring =========== + The file /etc/request-key.conf will need to be modified so /sbin/request-key can direct the upcall. The following line should be added: -#OP TYPE DESCRIPTION CALLOUT INFO PROGRAM ARG1 ARG2 ARG3 ... -#====== ======= =============== =============== =============================== -create id_resolver * * /usr/sbin/nfs.idmap %k %d 600 +``#OP TYPE DESCRIPTION CALLOUT INFO PROGRAM ARG1 ARG2 ARG3 ...`` +``#====== ======= =============== =============== ===============================`` +``create id_resolver * * /usr/sbin/nfs.idmap %k %d 600`` + This will direct all id_resolver requests to the program /usr/sbin/nfs.idmap. The last parameter, 600, defines how many seconds into the future the key will expire. This parameter is optional for /usr/sbin/nfs.idmap. When the timeout is not specified, nfs.idmap will default to 600 seconds. -id mapper uses for key descriptions: +id mapper uses for key descriptions:: + uid: Find the UID for the given user gid: Find the GID for the given group user: Find the user name for the given UID @@ -45,23 +47,24 @@ You can handle any of these individually, rather than using the generic upcall program. If you would like to use your own program for a uid lookup then you would edit your request-key.conf so it look similar to this: -#OP TYPE DESCRIPTION CALLOUT INFO PROGRAM ARG1 ARG2 ARG3 ... -#====== ======= =============== =============== =============================== -create id_resolver uid:* * /some/other/program %k %d 600 -create id_resolver * * /usr/sbin/nfs.idmap %k %d 600 +``#OP TYPE DESCRIPTION CALLOUT INFO PROGRAM ARG1 ARG2 ARG3 ...`` +``#====== ======= =============== =============== ===============================`` +``create id_resolver uid:* * /some/other/program %k %d 600`` +``create id_resolver * * /usr/sbin/nfs.idmap %k %d 600`` + Notice that the new line was added above the line for the generic program. request-key will find the first matching line and corresponding program. In this case, /some/other/program will handle all uid lookups and /usr/sbin/nfs.idmap will handle gid, user, and group lookups. -See for more information +See Documentation/security/keys/request-key.rst for more information about the request-key function. -========= nfs.idmap ========= + nfs.idmap is designed to be called by request-key, and should not be run "by hand". This program takes two arguments, a serialized key and a key description. The serialized key is first converted into a key_serial_t, and -- 2.24.1