Yes, the default squash is to 99.

I did test setting the squash_g/uid to 0, and the behaviour did change. But 
that just seems to let root take actions on files/dirs owned by root.

Is that how the nodemaps are supposed to work?  It seems odd to me that setting 
admin to off and trusted to on doesn't allow clients to mount unless I also go 
in and set root to 0:0.

Under the old way you just set the squash u/gid and then set your norootsquash 
list (a method I've been using for years).

[root@scmds2501 ~]# lctl get_param -R nodemap.default.*
nodemap.default.admin_nodemap=0
nodemap.default.audit_mode=1
nodemap.default.deny_unknown=0
nodemap.default.exports=
[
 { nid: 172.17.1.127@o2ib, uuid: 5dd1bac6-cb91-1169-183d-f084efaba32d }, { nid: 
172.17.1.221@o2ib, uuid: bd67c3f7-8a44-4fac-8685-2e234742a2c2 },
]
nodemap.default.fileset=
nodemap.default.forbid_encryption=0
nodemap.default.id=0
nodemap.default.map_mode=all
nodemap.default.squash_gid=99
nodemap.default.squash_projid=99
nodemap.default.squash_uid=99
nodemap.default.trusted_nodemap=1
________________________________
From: lustre-discuss <[email protected]> on behalf of 
[email protected] 
<[email protected]>
Sent: Friday, February 13, 2026 4:04 PM
To: [email protected] <[email protected]>
Subject: [EXTERNAL] lustre-discuss Digest, Vol 239, Issue 19

Today's Topics:

   1. Re: getting "permission dendied" on mount when trying to use
      nodemaps for root squashing (Hans Henrik Happe)


----------------------------------------------------------------------

Message: 1
Date: Fri, 13 Feb 2026 14:29:54 +0100
From: Hans Henrik Happe <[email protected]>
To: [email protected]
Subject: Re: [lustre-discuss] getting "permission dendied" on mount
        when trying to use nodemaps for root squashing
Message-ID: <[email protected]>
Content-Type: text/plain; charset="utf-8"; Format="flowed"

Hi,

Have you looked at the squash IDs? I think they default to 99, but
RHEL uses another ID for the nobody user.

A full list of parameters would make it easier to give input. If you
could post this:

lctl get_param nodemap.default.*

Cheers,
Hans Henrik

On 09/02/2026 16.05, Kurt Strosahl via lustre-discuss wrote:
> Good Morning,
>
> I'm trying to set up nodemaps on a new lustre file system.
> Presently when I turn on the nodemaps I get permission denied for
> servers in the default nodemap.
>
> I've defined two custom nodemaps. An AdminSystems nodemap (for
> servers that will need to perform actions as root), and a LustreServers
> nodemap (for the lustre servers themselves).
>
> Every other client will be in the default map. (whose gid/uid/projid
> mappings we trust)
>
> I set the following:
> [root@scmds2501 ~]# lctl get_param nodemap.*.admin_nodemap
> nodemap.AdminSystems.admin_nodemap=1
> nodemap.LustreServers.admin_nodemap=1
> nodemap.default.admin_nodemap=0
>
> [root@scmds2501 ~]# lctl get_param nodemap.*.trusted_nodemap
> nodemap.AdminSystems.trusted_nodemap=1
> nodemap.LustreServers.trusted_nodemap=1
> nodemap.default.trusted_nodemap=1
>
> When I turn on the nodemap feature I get a permission denied when
> mounting on a client node that isn't in the Admin nodemap.
>
> Interestingly, on a test client that was mounted before I turned on
> the nodemap I can write files as myself (into a directory that I
> established beforehand owned by me).
>
> Our desired end state is an Admin nodemap we can add and remove
> systems to as needed that can take action as root, and all other
> lustre clients being able to access the file system, but having no
> root access. The LustreServers nodemap is there to keep the lustre
> file servers themselves safe from any unexpected changes.
>
> w/r,
>
> Kurt J. Strosahl (he/him)
> System Administrator: Lustre, HPC
> Scientific Computing Group, Thomas Jefferson National Accelerator Facility
>
>
_______________________________________________
lustre-discuss mailing list
[email protected]
http://lists.lustre.org/listinfo.cgi/lustre-discuss-lustre.org
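
The nodemap properties compared in this thread (admin, trusted, squash_uid/squash_gid) can be summarised per nodemap from `lctl get_param` output, including the check raised above that the squash uid matches the clients' nobody user. This is an added example, not part of the original messages: `nodemap_audit` and `sample_params` are hypothetical helper names, the sample lines are constructed from the values posted in the thread, and the nobody uid is a site-specific argument (65534 here is an assumption about the client OS).

```bash
#!/usr/bin/env bash
# Constructed sample: "name=value" lines in the form printed by
# `lctl get_param nodemap.*.*`, using the values posted in the thread.
sample_params() {
  cat <<'EOF'
nodemap.AdminSystems.admin_nodemap=1
nodemap.LustreServers.admin_nodemap=1
nodemap.default.admin_nodemap=0
nodemap.AdminSystems.trusted_nodemap=1
nodemap.LustreServers.trusted_nodemap=1
nodemap.default.trusted_nodemap=1
nodemap.default.squash_gid=99
nodemap.default.squash_uid=99
EOF
}

# nodemap_audit (hypothetical helper, not a Lustre tool): read parameters on
# stdin and print one summary line per nodemap.
# $1 = uid the clients use for "nobody" (assumption; defaults to 99).
nodemap_audit() {
  awk -F= -v nobody="${1:-99}" '
    # Only single-line "nodemap.<name>.<property>=<value>" entries are parsed;
    # continuation lines of multi-line values (exports) do not match.
    /^nodemap\.[^.]+\.[a-z_]+=/ {
      split($1, k, ".")
      if (!(k[2] in seen)) { seen[k[2]] = 1; order[++n] = k[2] }
      val[k[2], k[3]] = $2
    }
    END {
      for (i = 1; i <= n; i++) {
        m = order[i]; note = ""
        # admin_nodemap=1: root is not squashed; otherwise root is squashed
        # to squash_uid:squash_gid.
        if (val[m, "admin_nodemap"] == "1") root = "root=kept"
        else {
          root = "root=squashed:" val[m, "squash_uid"] ":" val[m, "squash_gid"]
          # Flag a squash uid that differs from the expected nobody uid.
          if ((val[m, "squash_uid"] "") != (nobody ""))
            note = " WARN:squash_uid!=" nobody
        }
        # trusted_nodemap=1: client uids/gids are used as sent, not mapped.
        ids = (val[m, "trusted_nodemap"] == "1") ? "ids=trusted" : "ids=mapped"
        print m, root, ids note
      }
    }'
}

sample_params | nodemap_audit 65534
```

On an MGS the same function can be fed live data with `lctl get_param nodemap.*.* | nodemap_audit "$(id -u nobody)"`.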
