nfsidmap [-v] [-t timeout] key desc
nfsidmap [-v] [-c]
nfsidmap [-v] [-u|-g|-r user]
The file /usr/sbin/nfsidmap is used by the NFS idmapper to translate
user and group ids into names, and to translate user and group names
into ids. Idmapper uses request-key to perform the upcall and cache the
result. /usr/sbin/nfsidmap is called by /sbin/request-key, and will
perform the translation and initialize a key with the resulting infor-
nfsidmap can also used to clear the keyring of all the keys or revoke
one particular key. This is useful when the id mappings have failed to
due to a lookup error resulting in all the cached uids/gids to be set
to the user id nobody.
-c Clear the keyring of all the keys.
Revoke the gid key of the given user.
Revoke both the uid and gid key of the given user.
Set the expiration timer, in seconds, on the key. The default
is 600 seconds (10 mins).
Revoke the uid key of the given user.
-v Increases the verbosity of the output to syslog (can be speci-
fied multiple times).
The file /etc/request-key.conf will need to be modified so
/sbin/request-key can properly direct the upcall. The following line
should be added before a call to keyctl negate:
create id_resolver * * /usr/sbin/nfsidmap -t 600 %k %d
This will direct all id_resolver requests to the program
/usr/sbin/nfsidmap. The -t 600 defines how many seconds into the
future the key will expire. This is an optional parameter for
/usr/sbin/nfsidmap and will default to 600 seconds when not specified.
The idmapper system uses four key descriptions:
uid: Find the UID for the given user
gid: Find the GID for the given group
gram. request-key will find the first matching line and run the corre-
sponding program. In this case, /some/other/program will handle all
uid lookups, and /usr/sbin/nfsidmap will handle gid, user, and group
Bryan Schumaker, <firstname.lastname@example.org>
1 October 2010 nfsidmap(5)
Man Pages Copyright Respective Owners. Site Copyright (C) 1994 - 2017
All Rights Reserved.