On Fri, Dec 15, 2006 at 04:01:23PM +0100, Thiemo Nagel wrote: > The nfs-kernel-server seems to silently ignore the map_daemon option. I > don't know whether uid/gid mapping via ugidd is a feature of > nfs-kernel-server or not, i.e. whether map_daemon should work at all, > however silently ignoring the option has (maybe mild, feel free to > adjust the proposed severity) security implications:
I'm not sure what the option is even supposed to do. The only reference I can find to it is in a commented-out section of the exports man page; I believe it's parsed for legacy reasons only. Anyhow, NFSv4 does away with the uid stuff completely, so I'm not sure how relevant this is. I could of course make a patch that just removes the map_daemon handling, but I'm unsure whether it has any uses at all. Also note if (exp->m_export.e_maptype != CLE_MAP_IDENT) { xlog(L_ERROR, "%s: unsupported mapping; kernel supports only 'identity' (default)", exp->m_export.m_path); errno = EINVAL; return 0; } so it looks like it _should_ just give an error. Any ideas? /* Steinar */ -- Homepage: http://www.sesse.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]