Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp1276133ybl; Fri, 10 Jan 2020 15:26:21 -0800 (PST) X-Google-Smtp-Source: APXvYqzk/Mm3U9r8uFyRyrDSdZPLUQMfICeGFd2KxGLszMhWzim818btQifLIGgfnT66o1qMd6VP X-Received: by 2002:aca:b984:: with SMTP id j126mr4376256oif.174.1578698781448; Fri, 10 Jan 2020 15:26:21 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1578698781; cv=none; d=google.com; s=arc-20160816; b=qIQJlyU/Lw9c+GO5rvYAq9PfoAVrh66XWTEKNh5no0lSPG7yxEeV1cHWW9TJaViUy1 akAyOBdgrR/g1TwBrOJeJpRYgYlNdrCFKAXsYlx+4UpH0mxSbtleCg4RWrhsEeESIM1Y b66IWGDmdj/Nn+MQKi+s/+bUua2+Qs4qQbyeCjdXDJvH/q3wt9eej9dOZOcX5ULaOv26 qZKYjxPT3UWBrlaQyjp2s/PyVaB+Hs/pGKObpzb00OGd/6BcVCIgvaLH3kxWDxkvCcJe 1fkaxstAZ1pls4NZmne76q3dHbFxH838zFmUspbPgsu6lQV0NgnRLhaHmPygFzL7w7rR PZ6A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=H+ZY7mgwtaDq8KuNs5XppAH1no6Df53vnlu2/x+Z9PQ=; b=pALlp0VZlWcE+y2fJPfAKRGDKddI4dU5wT/MOSGg9bHKqRlk2dlYvu9B5Ui9Csisj9 SnUDaE/55Hdyz4t0cXp8YJ3ny0J1gYnn76sSOZdP48jzF8CiqnjgSLXOdc7zwQQK9CCU udSvE8cU1mtH7teDYbJ3iZonycF+dQJPDeyMzRdqbNisZRFz3uHZGHvO6lE0hsk90tQi WLOfNc8Uwxoe50GhvnVgFXsUwxLtzs/3KsTn8ZmuudIGfbBy9qrIrCwM63c7BohOzRMr /x/B8KJG0Rg0OOfiAIAQdDuTPrkQ8cxOtnIDAmNPs19S0xEHyljUTAF/MsDj5viRrYdW 97Gw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=G1a9qXEt; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p186si1870221oih.172.2020.01.10.15.26.10; Fri, 10 Jan 2020 15:26:21 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=G1a9qXEt; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727755AbgAJXZH (ORCPT + 99 others); Fri, 10 Jan 2020 18:25:07 -0500 Received: from mail-qv1-f51.google.com ([209.85.219.51]:45178 "EHLO mail-qv1-f51.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727701AbgAJXZF (ORCPT ); Fri, 10 Jan 2020 18:25:05 -0500 Received: by mail-qv1-f51.google.com with SMTP id l14so1584794qvu.12; Fri, 10 Jan 2020 15:25:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=H+ZY7mgwtaDq8KuNs5XppAH1no6Df53vnlu2/x+Z9PQ=; b=G1a9qXEtwVi0udBWdjEfIDOV+7+LYNi0HI0nlET9Jda6nxu0OPAgHaKpT8IGNYRMRp DaZBguNfKF0TzKGDD0xJSFxWX4yYtde/CqbTidE4nRuZClnxdOE4+J5gTkRSdLJMpgsi YGmtcO08AW5JJDzB2ixBmrWl30pQ3FeuzJuBmtiVxgbKrh0w+P6IKx0+a2wWNc7/117d ti3dU73JBXdXQnOMqpvwojeUXRJgjgzNIhpbxUfxYpiy/1wlc0RG45WvnwOteEdHEwhk K/10fv2BtfBmvuPFAOcXO3cjAYmWImsFsPlZedkOGIz4qKtQJjmkqe7iAUw3QdQOz2Wq aylA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=H+ZY7mgwtaDq8KuNs5XppAH1no6Df53vnlu2/x+Z9PQ=; b=O0514OWrvFzyMKhbWqbOo6vvwGiw/A0/9KiO4eOdFyo9Wej15cGKQKodan4VRlleX8 h/wmbLm8ZgaJz6JlV5gpJHyS6MfZlxQxx0hOYRtMZNlZFRPztnd5x/iBWWrXkyM7HX4F lyw3Q54nkrp2eA8tPRgoyQFM43WjxSbkLr2FOHApZzPnko3u8WQF/Wsa93ZztbCEsC/+ Nux6ySifPBw1d5aB88Tq304VGpkLBSGbHA/922MnVw3hLsizywzm4jhtBxczZzQfRo7v gOLiFSj+1hGfYL+nuO8RT9StT1Q3iQ6G9TIS6WGFbAb/T6KeCh3KthbAXtBQE6CTjIF3 if0A== X-Gm-Message-State: APjAAAXcottWnN+OEnkMNfPy13lhVJbL6vMirjOVBFVTXGCR1uhts2uf uUfap9lWfoOA+Iz1aLXY4Uc= X-Received: by 2002:a0c:a998:: with SMTP id a24mr1145404qvb.11.1578698704116; Fri, 10 Jan 2020 15:25:04 -0800 (PST) Received: from localhost.localdomain ([2804:14d:72b1:8920:a2ce:f815:f14d:bfac]) by smtp.gmail.com with ESMTPSA id i2sm1774752qte.87.2020.01.10.15.25.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 10 Jan 2020 15:25:03 -0800 (PST) From: "Daniel W. S. Almeida" X-Google-Original-From: Daniel W. S. Almeida To: mchehab+samsung@kernel.org, corbet@lwn.net Cc: "Daniel W. S. Almeida" , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, skhan@linuxfoundation.org, linux-kernel-mentees@lists.linuxfoundation.org Subject: [PATCH v4 6/9] Documentation: nfs: idmapper: convert to ReST Date: Fri, 10 Jan 2020 20:24:28 -0300 Message-Id: <069e40cd551ea778538f8fe9ad15ee26e45fc748.1578697871.git.dwlsalmeida@gmail.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: "Daniel W. S. Almeida" Convert idmapper.txt to ReST and move it to admin-guide. Content remains mostly unchanged otherwise. Signed-off-by: Daniel W. S. Almeida --- Documentation/admin-guide/nfs/index.rst | 1 + .../nfs/nfs-idmapper.rst} | 31 ++++++++++--------- 2 files changed, 18 insertions(+), 14 deletions(-) rename Documentation/{filesystems/nfs/idmapper.txt => admin-guide/nfs/nfs-idmapper.rst} (81%) diff --git a/Documentation/admin-guide/nfs/index.rst b/Documentation/admin-guide/nfs/index.rst index e0b2f4260ad7..8376d5225fc2 100644 --- a/Documentation/admin-guide/nfs/index.rst +++ b/Documentation/admin-guide/nfs/index.rst @@ -9,3 +9,4 @@ NFS nfsroot nfs-rdma nfsd-admin-interfaces + nfs-idmapper diff --git a/Documentation/filesystems/nfs/idmapper.txt b/Documentation/admin-guide/nfs/nfs-idmapper.rst similarity index 81% rename from Documentation/filesystems/nfs/idmapper.txt rename to Documentation/admin-guide/nfs/nfs-idmapper.rst index b86831acd583..58b8e63412d5 100644 --- a/Documentation/filesystems/nfs/idmapper.txt +++ b/Documentation/admin-guide/nfs/nfs-idmapper.rst @@ -1,7 +1,7 @@ +============= +NFS ID Mapper +============= -========= -ID Mapper -========= Id mapper is used by NFS to translate user and group ids into names, and to translate user and group names into ids. Part of this translation involves performing an upcall to userspace to request the information. There are two @@ -20,22 +20,24 @@ legacy rpc.idmap daemon for the id mapping. This result will be stored in a custom NFS idmap cache. -=========== Configuring =========== + The file /etc/request-key.conf will need to be modified so /sbin/request-key can direct the upcall. The following line should be added: -#OP TYPE DESCRIPTION CALLOUT INFO PROGRAM ARG1 ARG2 ARG3 ... -#====== ======= =============== =============== =============================== -create id_resolver * * /usr/sbin/nfs.idmap %k %d 600 +``#OP TYPE DESCRIPTION CALLOUT INFO PROGRAM ARG1 ARG2 ARG3 ...`` +``#====== ======= =============== =============== ===============================`` +``create id_resolver * * /usr/sbin/nfs.idmap %k %d 600`` + This will direct all id_resolver requests to the program /usr/sbin/nfs.idmap. The last parameter, 600, defines how many seconds into the future the key will expire. This parameter is optional for /usr/sbin/nfs.idmap. When the timeout is not specified, nfs.idmap will default to 600 seconds. -id mapper uses for key descriptions: +id mapper uses for key descriptions:: + uid: Find the UID for the given user gid: Find the GID for the given group user: Find the user name for the given UID @@ -45,23 +47,24 @@ You can handle any of these individually, rather than using the generic upcall program. If you would like to use your own program for a uid lookup then you would edit your request-key.conf so it look similar to this: -#OP TYPE DESCRIPTION CALLOUT INFO PROGRAM ARG1 ARG2 ARG3 ... -#====== ======= =============== =============== =============================== -create id_resolver uid:* * /some/other/program %k %d 600 -create id_resolver * * /usr/sbin/nfs.idmap %k %d 600 +``#OP TYPE DESCRIPTION CALLOUT INFO PROGRAM ARG1 ARG2 ARG3 ...`` +``#====== ======= =============== =============== ===============================`` +``create id_resolver uid:* * /some/other/program %k %d 600`` +``create id_resolver * * /usr/sbin/nfs.idmap %k %d 600`` + Notice that the new line was added above the line for the generic program. request-key will find the first matching line and corresponding program. In this case, /some/other/program will handle all uid lookups and /usr/sbin/nfs.idmap will handle gid, user, and group lookups. -See for more information +See Documentation/security/keys/request-key.rst for more information about the request-key function. -========= nfs.idmap ========= + nfs.idmap is designed to be called by request-key, and should not be run "by hand". This program takes two arguments, a serialized key and a key description. The serialized key is first converted into a key_serial_t, and -- 2.24.1