Why is file ownership inconsistent between two systems mounting the same NFS share?


Solution 1

Remember that each of the NFS client systems will determine the username by looking up the numerical UID locally using the local system's /etc/passwd, or in your centralized user database. The NFS server only stores the UID in numerical format, and does not know about usernames. This is also true for group names vs. GIDs.

In your case, serverA and serverB must have different usernames listed in /etc/passwd.

To test this, use ls -n to display user and group IDs numerically, rather than converting to a user or group name in a long (-l) output. If the ls -n option is not available on AIX, consult the manpage for this feature.

To see the username-to-uid mapping, do one of the following on both serverA and serverB.

    grep $THEUSERID /etc/passwd

Or, it's a good habit to use getent, since it works with /etc/passwd and directory services (LDAP, etc.):

    getent passwd $THEUSERID

The UIDs should be the same on both systems, but the usernames will be different.
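
The comparison described in this answer, automated as an added example (not part of the original answer): it reads passwd-format dumps from two hosts, such as `getent passwd` output saved on each, and lists every UID whose username differs or is missing on one side. The file names, the `uid_mismatches` and `demo` functions, and the sample passwd entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare UID -> username mappings taken from two NFS peers.
# Inputs are passwd-format files, e.g. `getent passwd > serverA.passwd` on each host.

# uid_mismatches FILE_A FILE_B
# Prints "UID NAME_ON_A NAME_ON_B" for every UID that maps differently ("-" = absent).
uid_mismatches() {
    awk -F: '
        /^#/ || NF < 3 { next }                    # skip comments and malformed lines
        FILENAME == ARGV[1] { a[$3] = $1; next }   # first file: uid -> name on host A
        { b[$3] = $1 }                             # second file: uid -> name on host B
        END {
            for (u in a) {
                if (!(u in b)) print u, a[u], "-"
                else if (a[u] != b[u]) print u, a[u], b[u]
            }
            for (u in b) if (!(u in a)) print u, "-", b[u]
        }' "$1" "$2" | sort -n
}

# demo: constructed sample data shaped like the question (UIDs and GIDs are invented).
demo() {
    d=${TMPDIR:-/tmp}/uidmap.$$
    mkdir -p "$d"
    cat > "$d/serverA.passwd" <<'EOF'
root:!:0:0::/:/usr/bin/ksh
oracle:!:203:204::/home/oracle:/usr/bin/ksh
EOF
    cat > "$d/serverB.passwd" <<'EOF'
root:!:0:0::/:/usr/bin/ksh
radiusd:!:203:204::/home/radiusd:/usr/bin/ksh
oracle:!:10:205::/home/oracle:/usr/bin/ksh
EOF
    uid_mismatches "$d/serverA.passwd" "$d/serverB.passwd"
    rm -rf "$d"
}

demo
```

Each line of output is a UID that the two hosts resolve to different accounts, so files owned by that UID on the share appear under a different owner depending on which host lists them.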

Solution 2

You've come up against what I call the Number 1 rule of NFS exporting:

Never export a mount as writable to a client unless that client uses the same UID mapping as the server does.

In other words, the file server owner should demand that all potential NFS clients use the same centralized user database (NIS, NIS+, LDAP, Kerberos, etc).

Solution 3

I've also encountered your problem and managed to solve it with this:

Indeed, NEED_IDMAPD was not set in the file /etc/default/nfs-common on the client side.

Setting NEED_IDMAPD=yes on the client as well resolved the issue. Now the client correctly shows user names and groups.

Author: Alvin Sim

Updated on September 17, 2022

Comments

  • Alvin Sim, almost 2 years

    I have one IBM AIX server (serverA) which is connected to the san storage. I have created a volume group and also file system (jfs2) and mounted to directory /profit.

    After that I created a NFS share for that directory and started the NFS daemon.

    Over at another server, which is IBM AIX also (serverB), I created a mount point /profit and mounted the nfs share from serverA to serverB using the below command: mount 192.168.10.1:/profit /profit

    On serverB, I am able to access the directory and list the files in it. But the strange thing is, on serverA, the directory and files are under the oracle user ownership. But in serverB, I see them as a different user.

    When I touch a file in that directory at serverB, on serverA, I see it as another user id.

    Any clue how I can fix this?

    Below is the file listing from serverB

    $ ls -l
    total 0
    -rwxrwxrwx    1 root     system            0 Mar 16 15:00 haha
    -rwxrwxrwx    1 radiusd  radiusd           0 Mar 16 15:19 haha2
    -rwxrwxrwx    1 radiusd  radiusd           0 Mar 16 15:31 haha3
    -rw-r--r--    1 oracle   oinstall          0 Mar 17 2011  hahah3
    drwxrwxrwx    2 radiusd  radiusd         256 Mar 16 14:40 lost+found
    

    On serverA it looks like below:

    # ls -l /profit
    total 0
    -rwxrwxrwx    1 root     system            0 Mar 16 15:00 haha
    -rwxrwxrwx    1 oracle   dba               0 Mar 16 15:19 haha2
    -rwxrwxrwx    1 oracle   dba               0 Mar 16 15:31 haha3
    -rw-r--r--    1 10       sshd              0 Mar 17 16:01 hahah3
    drwxrwxrwx    2 oracle   dba             256 Mar 16 14:40 lost+found
    

    Below is the /etc/exports file from serverA

    # more /etc/exports
    /profit -vers=3,sec=sys:krb5p:krb5i:krb5:dh,rw
    

    Thanks.

    • forcefsck, over 13 years
      The filesystem doesn't store username info, it only stores the user identifier (UID). In your case, the serverA has a different "username to user id" mapping than serverB.
  • mattdm, over 13 years
    (Not necessarily /etc/passwd. Could come from a centralized directory service — which is basically mandatory for sanity on any large deployment of NFS.)
  • Mark Norgren, over 13 years
    Yes, very true.