Subject: Re: NFS - Netbsd Client - Solaris Server
To: Timothy Arnold <timothy.arnold@becta.org.uk>
From: Greg A. Woods <woods@weird.com>
List: netbsd-users
Date: 05/16/2003 17:11:49
[ On Friday, May 16, 2003 at 12:19:06 (+0100), Timothy Arnold wrote: ]
> Subject: NFS - Netbsd Client - Solaris Server
>
> However, when it comes to the 'nobody' user I run in to difficulty.
>
> When I setup the NetBSD machine I set the UID for nobody to 60001 to
> match the Solaris server. When I create files on the NFS filesystem,
> it creates them as '4294967294'

NFS servers, NetBSD and SunOS-[45] included, generally export
filesystems such that by default the client's superuser is mapped to the
user-ID and group-ID "-2:-2". On systems with 32-bit uid_t/gid_t this
obviously maps out to the value you're seeing.

On *BSD servers you can change the mapping in /etc/exports with the
"-maproot=uid" option.

On SunOS-5.9 servers you can change the mapping with the "-o anon=uid"
option in /etc/dfstab (see share_nfs(1M) for a description of this
option).

On my NetBSD systems I use the following entries:

nobody:*:32767:39::0:0:The Unprivileged user:/nonexistent:/sbin/nologin
svr4nfsn:*:60001:60001::0:0:SysVr4 NFS user:/nonexistant:/sbin/nologin
svr4nacc:*:60002:60002::0:0:SysVr4 No Access user:/nonexistant:/sbin/nologin
xnfsnbdy:*:65534:65534::0:0:Various old NFS Anonymous (-2:16) user:/nonexistant:/sbin/nologin
xnogroup:*:65535:65535::0:0:Various old NFS No Access (-1:16) user:/nonexistant:/sbin/nologin
nfsanon:*:4294967294:4294967294::0:0:NFS anonymous (-2:32) user:/nonexistant:/sbin/nologin
nogroup:*:4294967295:4294967295::0:0:NFS No Access (-1:32) user:/nonexistant:/sbin/nologin

and I have also modified my system to allow the last two lines to work
properly with pwd_mkdb:

Index: syslimits.h
===================================================================
RCS file: /cvs/master/m-NetBSD/main/src/sys/sys/syslimits.h,v
retrieving revision 1.19
diff -c -u -r1.19 syslimits.h
--- syslimits.h 28 Mar 2001 08:45:34 -0000 1.19
+++ syslimits.h 20 Sep 2002 19:18:56 -0000
@@ -43,13 +43,13 @@
#if !defined(_ANSI_SOURCE)
#define ARG_MAX (256 * 1024) /* max bytes for an exec function */
#define CHILD_MAX 160 /* max simultaneous processes */
-#define GID_MAX 2147483647U /* max value for a gid_t (2^31-2) */
+#define GID_MAX ((~(uid_t)0)-1) /* max value for a gid_t (2^32-1) */
#define LINK_MAX 32767 /* max file link count */
#define MAX_CANON 255 /* max bytes in term canon input line */
#define MAX_INPUT 255 /* max bytes in terminal input */
#define NAME_MAX 255 /* max bytes in a file name */
#define NGROUPS_MAX 16 /* max supplemental group id's */
-#define UID_MAX 2147483647U /* max value for a uid_t (2^31-2) */
+#define UID_MAX ((~(uid_t)0)-1) /* max value for a uid_t (2^32-1) */
#define OPEN_MAX 64 /* max open files per process */
#define PATH_MAX 1024 /* max bytes in pathname */
#define PIPE_BUF 512 /* max bytes for atomic pipe writes */
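
Review bot: The new GID_MAX line casts to (uid_t) rather than (gid_t), and on both changed lines the comment says 2^32-1 while ((~(uid_t)0)-1) evaluates to 2^32-2 for a 32-bit type, which is below the 4294967295 used in the nogroup entry earlier in the message. Suggest ((~(gid_t)0)-1) for GID_MAX and a comment that matches the value actually produced. The cast also means these macros can no longer be tested in #if expressions and need uid_t/gid_t declared wherever they are expanded; a plain constant such as 4294967294U would avoid both.
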
--
Greg A. Woods
+1 416 218-0098; <g.a.woods@ieee.org>; <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>
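
The wrap-around described in this message, as an added example that is not part of the original post: it reads the UID field of master.passwd-style lines, recognises -2 and -1 as stored in 16-bit and 32-bit IDs, and compares each UID with the limits from the patch. It assumes a 32-bit uid_t; the function names are hypothetical, and the sample lines use UIDs from the message with the other fields shortened.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Limits from the patch, written out for an assumed 32-bit uid_t. */
#define OLD_UID_MAX 2147483647U
#define NEW_UID_MAX ((~(uint32_t)0) - 1)

enum id_class { ID_PLAIN, ID_ANON16, ID_NOACC16, ID_ANON32, ID_NOACC32 };

/* Recognise -2 (anonymous) and -1 (no access) as stored in 16- and 32-bit IDs. */
enum id_class classify_id(uint32_t id) {
    if (id == (uint16_t)-2) return ID_ANON16;
    if (id == (uint16_t)-1) return ID_NOACC16;
    if (id == (uint32_t)-2) return ID_ANON32;
    if (id == (uint32_t)-1) return ID_NOACC32;
    return ID_PLAIN;
}

/* Read the UID (third field) of a master.passwd line; -1 on malformed input. */
int passwd_uid(const char *line, uint32_t *uid) {
    const char *p = line;
    char *end;
    for (int i = 0; i < 2; i++) {
        if ((p = strchr(p, ':')) == NULL) return -1;
        p++;
    }
    if (*p < '0' || *p > '9') return -1;   /* strtoull would accept "-2" */
    unsigned long long v = strtoull(p, &end, 10);
    if (*end != ':' || v > UINT32_MAX) return -1;   /* also catches overflow */
    *uid = (uint32_t)v;
    return 0;
}

int main(void) {
    static const char *names[] = { "plain", "-2:16", "-1:16", "-2:32", "-1:32" };
    static const char *lines[] = {   /* UIDs from the message, rest shortened */
        "svr4nfsn:*:60001:60001::0:0:x:/nonexistent:/sbin/nologin",
        "xnfsnbdy:*:65534:65534::0:0:x:/nonexistent:/sbin/nologin",
        "nfsanon:*:4294967294:4294967294::0:0:x:/nonexistent:/sbin/nologin",
    };
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        uint32_t uid;
        if (passwd_uid(lines[i], &uid) != 0) continue;
        printf("%10u %-6s fits old limit: %d, new limit: %d\n", (unsigned)uid,
               names[classify_id(uid)], uid <= OLD_UID_MAX, uid <= NEW_UID_MAX);
    }
    return 0;
}
```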