Feature #4943
NFS server: Generic uid and gid remapping for AUTH_SYS
100%
Description
There are various NFS deployments where it is desired to be able to extend the existing root/root_mapping share_nfs(1m) options to allow generic user remapping.
For example, we had a case where we would like to have the root user from client1 mapped at the server to user jack, while root from client2 should be mapped at the server to user jill.
The traditional share options allow either root=client1,root_mapping=jack to satisfy client1, or root=client2,root_mapping=jill to satisfy client2. It is not possible to combine such options somehow to make it work as desired.
To solve this issue we introduce the generic user and group remapping using two new share_nfs options uidmap and gidmap. The above use case is easily implementable using the following setup:
uidmap=0:jack:client1~0:jill:client2
Here is the relevant part of the share_nfs(1m) man page related to uidmap (gidmap is similar):
uidmap=mapping[~mapping]...

    Where mapping is: [clnt]:[srv]:access_list

    Allows to remap the user ID (uid) in the incoming request to some other uid. This effectively changes the user's identity presented to the NFS server.

    For clients where the uid in the incoming request is clnt and the client matches the access_list, change the user ID to srv. If clnt is asterisk (*), all users are mapped by this rule. If clnt is omitted, all unknown users are mapped by this rule. If srv is set to -1, access is denied. If srv is omitted, the uid is mapped to UID_NOBODY.

    All mappings are evaluated in the specified order until a match is found. Both root= and root_mapping= options (if specified) are evaluated before the uidmap= option. The uidmap= option is skipped in a case the client matches the root= option. The uidmap= option is evaluated before the anon= option.

    This option is supported only for AUTH_SYS.
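
The first-match evaluation described in the man page excerpt, as an added Python model for auditing a uidmap= string before sharing (this is not illumos code and not part of the original issue). Assumptions: the PASSWD table and its uids are constructed, "unknown user" is taken to mean a uid with no entry in that table, access_list matching is reduced to exact host names, and a return value of None means uidmap= made no decision, so later options such as anon= (not modelled) would apply.

```python
UID_NOBODY = 60001   # value of UID_NOBODY on illumos (stated here, not on the page)
DENY = -1            # srv of -1: access is denied
# Constructed server user database (assumption): name -> uid
PASSWD = {"root": 0, "jack": 1001, "jill": 1002}

def to_uid(field):
    """Resolve a numeric uid or a user name from the constructed PASSWD table."""
    return int(field) if field.lstrip("-").isdigit() else PASSWD[field]

def parse_uidmap(value):
    """Split 'mapping~mapping...' into (clnt, srv, hosts) tuples, keeping order."""
    rules = []
    for mapping in value.split("~"):
        # Only the first two colons delimit fields; the rest is the access_list.
        clnt, srv, access_list = mapping.split(":", 2)
        rules.append((clnt, srv, access_list.split(":")))
    return rules

def map_uid(rules, client, uid, root_clients=()):
    """Return the mapped uid, DENY, or None when uidmap= does not apply."""
    if client in root_clients:       # uidmap= is skipped if the client matches root=
        return None
    for clnt, srv, hosts in rules:   # evaluated in order until a match is found
        if client not in hosts:      # simplification: exact host names only
            continue
        if clnt == "*":              # asterisk: all users
            matched = True
        elif clnt == "":             # omitted: unknown users (assumed: no PASSWD entry)
            matched = uid not in PASSWD.values()
        else:
            matched = to_uid(clnt) == uid
        if matched:
            return UID_NOBODY if srv == "" else to_uid(srv)
    return None

if __name__ == "__main__":
    rules = parse_uidmap("0:jack:client1~0:jill:client2")
    for host in ("client1", "client2", "client3"):
        print(host, "uid 0 ->", map_uid(rules, host, 0))
    # Ordering check: a leading deny-all rule makes the later rule unreachable.
    shadowed = parse_uidmap("*:-1:client3~0:jack:client3")
    print("client3 uid 0 ->", map_uid(shadowed, "client3", 0))
```

Because the first matching rule wins, a broad rule such as *:-1:client3 placed ahead of a narrower one for the same client hides the narrower rule, so specific mappings belong before catch-all ones.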