NFS server: Generic uid and gid remapping for AUTH_SYS
There are various NFS deployments where it is desired to be able to extend the existing root/root_mapping share_nfs(1m) options to allow generic user remapping.
For example, we had a case where we would like to have the root user from client1 mapped at the server to user jack, while root from client2 should be mapped at the server to user jill.
The traditional share options allows either root=client1,root_mapping=jack to satisfy client1, or root=client2,root_mapping=jill to satisfy client2. It is not possible to combine such options somehow to make it working as desired.
To solve this issue we introduce the generic user and group remapping using two new share_nfs options uidmap and gidmap. The above use case is easily implementable using the following setup:
Here is the relevant part of the share_nfs(1m) man page related to uidmap (gidmap is similar):
uidmap=mapping[~mapping]... Where mapping is: [clnt]:[srv]:access_list Allows to remap the user ID (uid) in the incoming request to some other uid. This effectively changes the user's identity presented to the NFS server. For clients where the uid in the incoming request is clnt and the client matches the access_list, change the user ID to srv. If clnt is asterisk (*), all users are mapped by this rule. If clnt is omitted, all unknown users are mapped by this rule. If srv is set to -1, access is denied. If srv is omitted, the uid is mapped to UID_NOBODY. All mappings are evaluated in the specified order until a match is found. Both root= and root_mapping= options (if specified) are evaluated before the uidmap= option. The uidmap= option is skipped in a case the client matches the root= option. The uidmap= option is evaluated before the anon= option. This option is supported only for AUTH_SYS.