Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp16810871ybl; Wed, 1 Jan 2020 14:27:47 -0800 (PST) X-Google-Smtp-Source: APXvYqyN2u4RZ89xiAwn3+DaWxVLefJTao7eM9ZBdTbULDY7WAb1WPUYzm6nF+2iNtBIG4TDQwxG X-Received: by 2002:a9d:2264:: with SMTP id o91mr90106183ota.328.1577917667104; Wed, 01 Jan 2020 14:27:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1577917667; cv=none; d=google.com; s=arc-20160816; b=XwlT2c2NeMCpsOwjjTvSPOT/Zf3hZldv8u2hfX9dmUN5vxRd6j+F/OT3ktAxJaNekL Vrguua6fOViAQ4M3K06DUKx3YkLC7iQIkXbrByZbtQhlENJCVR0VWP+dLSbbKnsOX7wN 011ktFFPBDmV7ATkNcJbvinUrU51njDVLAw9IQ6fk/73cy3Ow4iCbMZOhG9GHUmOaahI 8ed9kFaXaARHO60WA+PRHQqaBYbh89TRNNd/ZTGsBXT+PWVXW/hrZSd2chqWKZXWBCPw 3hAFV0AlQ5KemhKv4ZbFYzjBuD+r2NQsPa9HnuuaA7Vt/vx5cBl1zQSuKIIvj86BAXrk GOyw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=uR3f0Y5+qpw7GzuSpDtOazUC6VJQJeKwTwbFDTwTBCA=; b=HslQn/KDlk/nQlskMIUKEXu2mCj5Z3giC9r+ZERgv9VFPa6GpFY6AdHnfzWtMeboiq FNvNWMyIFc/K591Rqy5HbI9pjqS10/EVekSjSVj2n401iRGMXK/XdVvIsTndG2OtB+7z CYcFSgAxPg+7MjDIjicXKxyaoEhzgEcOUrdh8daX4yfF/hebeIviSkZ/3K3nszZ8UVhv 3fT3h0pbFs3s2urAk9xSih9ii43gcUihKXG1uaPl0/JAciJF06jREiWA7BBKbR4otjZC IqWnFSv3z3ObNVQtqs10W5HQdHHZIKENEiV6OFKQmR/i6Z/XrECwLGqf84PrCQThPSDF eTcg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=CU2NII8F; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w202si17171650oiw.194.2020.01.01.14.27.35; Wed, 01 Jan 2020 14:27:47 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=CU2NII8F; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727509AbgAAW0n (ORCPT + 99 others); Wed, 1 Jan 2020 17:26:43 -0500 Received: from mail-pj1-f41.google.com ([209.85.216.41]:52864 "EHLO mail-pj1-f41.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727496AbgAAW0m (ORCPT ); Wed, 1 Jan 2020 17:26:42 -0500 Received: by mail-pj1-f41.google.com with SMTP id a6so2501290pjh.2; Wed, 01 Jan 2020 14:26:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=uR3f0Y5+qpw7GzuSpDtOazUC6VJQJeKwTwbFDTwTBCA=; b=CU2NII8FZa30KDpLnt4mEcuPIpi6mpwLeoCKYIBiXi3+iSRhIei0bSqwbxV2qYZfed sc41uaPx22YpIt0MXVb6aK3b6qAIZfGojA4YfXCs3BgYffpDkz2kmqgUe0UqezAOHkHg MU1JwErrD1K7so4R11sRKdfDO4ZGk3XH1HLONH33gt/fRagYhkiPI9toEJ3HMb59ne56 AFeGX0D8lDfgFY/x6LabxN6rdoUERq4w97MBYmUn5Sl4F0V5JgCLfpzCg0+6YGwDIXyT b2Dfl8ADA1G/nQtR0arOzR1QRTWAt514tmhNLPqjCMwUbhyOdbaklG0GpWZt8znPOMLQ O69A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=uR3f0Y5+qpw7GzuSpDtOazUC6VJQJeKwTwbFDTwTBCA=; b=rCSktpSHPkyunwE+Ave655NuUE0zVssWzu8Xp49RPUSob+7YgdANYu5mdapB3vsCS9 bEJXDJIoFnGsSSS7wPa0E3FhVLVkdLSLbMohBizA5fR4lCKIvdVPw8Z2d5E4gQoCKfI1 eIBJwdhA/4osTLUhcfgJQazUOtNsK30As6UHY2k1wALpfmTF25i+RP+uRmjT2qx3nWRT h9PnefZql72KTmrxM1MoAcwnMiHUxfJOdCBQxOJW3cKaDKpkUBF4fiT9t2ALq8PdZGp6 4E+Ao4EC0E236fxG4Q/C45dfHPRwGuKDLOzubhdR0VMZxIy93cRRW0xTwDxrGK+hos8S ZItw== X-Gm-Message-State: APjAAAWCE6MiVnKLlOhuIUmurUUm/5LuMFF1w5+fmZpWcIrkpVvhgvbi Gy2v9mlLaaoJY97vVr8Auuw= X-Received: by 2002:a17:90a:1992:: with SMTP id 18mr16205859pji.46.1577917601778; Wed, 01 Jan 2020 14:26:41 -0800 (PST) Received: from localhost.localdomain ([2804:14d:72b1:8920:da15:c0bd:33c1:e2ad]) by smtp.gmail.com with ESMTPSA id o2sm8601008pjo.26.2020.01.01.14.26.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 01 Jan 2020 14:26:40 -0800 (PST) From: "Daniel W. S. Almeida" X-Google-Original-From: Daniel W. S. Almeida To: mchehab+samsung@kernel.org, corbet@lwn.net Cc: "Daniel W. S. Almeida" , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, skhan@linuxfoundation.org, linux-kernel-mentees@lists.linuxfoundation.org Subject: [PATCH v3 5/8] Documentation: nfs: idmapper: convert to ReST Date: Wed, 1 Jan 2020 19:26:12 -0300 Message-Id: <0173f92fceb3648b1840d4a8d29d29191bf473a3.1577917076.git.dwlsalmeida@gmail.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: "Daniel W. S. Almeida" Convert idmapper.txt to ReST and move it to admin-guide. Content remains mostly unchanged otherwise. Signed-off-by: Daniel W. S. Almeida --- Documentation/admin-guide/nfs/index.rst | 1 + .../nfs/nfs-idmapper.rst} | 31 ++++++++++--------- 2 files changed, 18 insertions(+), 14 deletions(-) rename Documentation/{filesystems/nfs/idmapper.txt => admin-guide/nfs/nfs-idmapper.rst} (81%) diff --git a/Documentation/admin-guide/nfs/index.rst b/Documentation/admin-guide/nfs/index.rst index c73ba9c16b77..c90fd5ebc640 100644 --- a/Documentation/admin-guide/nfs/index.rst +++ b/Documentation/admin-guide/nfs/index.rst @@ -9,4 +9,5 @@ NFS nfsroot nfs-rdma nfsd-admin-interfaces + nfs-idmapper diff --git a/Documentation/filesystems/nfs/idmapper.txt b/Documentation/admin-guide/nfs/nfs-idmapper.rst similarity index 81% rename from Documentation/filesystems/nfs/idmapper.txt rename to Documentation/admin-guide/nfs/nfs-idmapper.rst index b86831acd583..58b8e63412d5 100644 --- a/Documentation/filesystems/nfs/idmapper.txt +++ b/Documentation/admin-guide/nfs/nfs-idmapper.rst @@ -1,7 +1,7 @@ +============= +NFS ID Mapper +============= -========= -ID Mapper -========= Id mapper is used by NFS to translate user and group ids into names, and to translate user and group names into ids. Part of this translation involves performing an upcall to userspace to request the information. There are two @@ -20,22 +20,24 @@ legacy rpc.idmap daemon for the id mapping. This result will be stored in a custom NFS idmap cache. -=========== Configuring =========== + The file /etc/request-key.conf will need to be modified so /sbin/request-key can direct the upcall. The following line should be added: -#OP TYPE DESCRIPTION CALLOUT INFO PROGRAM ARG1 ARG2 ARG3 ... -#====== ======= =============== =============== =============================== -create id_resolver * * /usr/sbin/nfs.idmap %k %d 600 +``#OP TYPE DESCRIPTION CALLOUT INFO PROGRAM ARG1 ARG2 ARG3 ...`` +``#====== ======= =============== =============== ===============================`` +``create id_resolver * * /usr/sbin/nfs.idmap %k %d 600`` + This will direct all id_resolver requests to the program /usr/sbin/nfs.idmap. The last parameter, 600, defines how many seconds into the future the key will expire. This parameter is optional for /usr/sbin/nfs.idmap. When the timeout is not specified, nfs.idmap will default to 600 seconds. -id mapper uses for key descriptions: +id mapper uses for key descriptions:: + uid: Find the UID for the given user gid: Find the GID for the given group user: Find the user name for the given UID @@ -45,23 +47,24 @@ You can handle any of these individually, rather than using the generic upcall program. If you would like to use your own program for a uid lookup then you would edit your request-key.conf so it look similar to this: -#OP TYPE DESCRIPTION CALLOUT INFO PROGRAM ARG1 ARG2 ARG3 ... -#====== ======= =============== =============== =============================== -create id_resolver uid:* * /some/other/program %k %d 600 -create id_resolver * * /usr/sbin/nfs.idmap %k %d 600 +``#OP TYPE DESCRIPTION CALLOUT INFO PROGRAM ARG1 ARG2 ARG3 ...`` +``#====== ======= =============== =============== ===============================`` +``create id_resolver uid:* * /some/other/program %k %d 600`` +``create id_resolver * * /usr/sbin/nfs.idmap %k %d 600`` + Notice that the new line was added above the line for the generic program. request-key will find the first matching line and corresponding program. In this case, /some/other/program will handle all uid lookups and /usr/sbin/nfs.idmap will handle gid, user, and group lookups. -See for more information +See Documentation/security/keys/request-key.rst for more information about the request-key function. -========= nfs.idmap ========= + nfs.idmap is designed to be called by request-key, and should not be run "by hand". This program takes two arguments, a serialized key and a key description. The serialized key is first converted into a key_serial_t, and -- 2.24.1