On Sat, 28 Jan 2017 15:34:01 -0500
Rich Freeman <ri...@gentoo.org> wrote:

> On Sat, Jan 28, 2017 at 2:32 PM, James Le Cuirot <ch...@gentoo.org> wrote:
> > On Sat, 28 Jan 2017 12:13:53 -0600
> > "A. Wilcox" <awil...@adelielinux.org> wrote:
> >  
> >> Having a file that user.eclass would use to map new users/groups to
> >> IDs would be extremely beneficial to me.  I was thinking about diving
> >> in to that some time later, after the GLEP 70 work I'm doing, but if
> >> someone else wants to take it - please!  That would greatly ease the
> >> pain of not only NFS, but swapping data disks around between different /.
> >>
> >> Consider, for example, one of my use cases for this:  I have a
> >> LibreSSL / that I use solely for testing ebuilds against it, and my
> >> regular / with OpenSSL.  I share /home and /srv between these two, but
> >> the apache, nginx, and charybdis users have different UIDs between
> >> them.  Therefore I have to chown -R each time I test LibreSSL.
> >>
> >> I could use a different /home and /srv, or make two copies, but it's
> >> much easier for me to test these apps having my entire normal
> >> environment available to me.  
> >
> > As mentioned in my other post, why are you not using idmapd? It's
> > trivial to set up on top of NFSv4.  
> 
> As far as I can tell there is no Gentoo-specific documentation for
> doing this, and from what I have read setting up NFSv4 is a PITA
> (perhaps that has changed in recent years).  There are also use cases
> that don't involve NFS, such as containers.  From the docs I have
> found on idmapd there wasn't actually a lot of detail, it wasn't clear
> if it "just works" without any specific configuration, perhaps it
> does.

The only common complaints I can recall about NFSv4 over v3 are having
to export everything under a single root directory and needing to set
fsid against each export for some inexplicable reason. Just bind mount
everything you want to export and set a different fsid number against
each export line. It's odd when you're used to v3 but really not that
hard. I've been using it for years and found it to be faster and more
reliable.

As for idmapd, this is my entire configuration file. I don't even think
the last section is necessary. Configure and start it on every node. It
really does just work.

[General]
Domain = aura-online.co.uk

[Mapping]
Nobody-User = nobody
Nobody-Group = nobody

[Translation]
Method = nsswitch

> In any case, would it be that hard to set reasonable defaults?

I do think this idea is a good one. I just wasn't buying the enterprise
argument and was surprised that no one had even mentioned idmapd.

-- 
James Le Cuirot (chewi)
Gentoo Linux Developer
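
Added example, not part of the original message: a Python check for the UID drift described in the quoted use case (apache, nginx and charybdis having different UIDs on two roots that share /home and /srv). The passwd contents are constructed sample data, and the function names are hypothetical.

```python
# Added example: constructed passwd(5) data for two roots sharing /home and /srv.
ROOT_A = """\
root:x:0:0:root:/root:/bin/bash
apache:x:81:81:apache:/var/www:/sbin/nologin
nginx:x:82:82:nginx:/var/lib/nginx:/sbin/nologin
charybdis:x:103:103:charybdis:/var/lib/charybdis:/sbin/nologin
"""
ROOT_B = """\
root:x:0:0:root:/root:/bin/bash
# accounts were created in a different order on this root
apache:x:82:82:apache:/var/www:/sbin/nologin
nginx:x:81:81:nginx:/var/lib/nginx:/sbin/nologin
charybdis:x:104:104:charybdis:/var/lib/charybdis:/sbin/nologin
"""

def parse_passwd(text):
    """Return {name: uid}; skip blank, comment and malformed lines."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.lstrip().startswith("#") or len(fields) < 7:
            continue
        if fields[2].isdigit():
            users.setdefault(fields[0], int(fields[2]))  # first entry wins
    return users

def compare_roots(text_a, text_b):
    """Return (mismatched, crossed) for two passwd files.

    mismatched: {name: (uid_a, uid_b)} for names whose UID differs.
    crossed:    {uid: (name_a, [names_b])} where a UID used by one account
                on root A belongs to a different account on root B, so files
                on the shared disk change owner when the other root is booted.
    """
    a, b = parse_passwd(text_a), parse_passwd(text_b)
    mismatched = {n: (a[n], b[n]) for n in a.keys() & b.keys() if a[n] != b[n]}
    holders_b = {}
    for name, uid in b.items():
        holders_b.setdefault(uid, set()).add(name)
    crossed = {}
    for name, uid in a.items():
        others = holders_b.get(uid, set()) - {name}
        if others:
            crossed[uid] = (name, sorted(others))
    return mismatched, crossed

if __name__ == "__main__":
    mismatched, crossed = compare_roots(ROOT_A, ROOT_B)
    for name, (ua, ub) in sorted(mismatched.items()):
        print(f"{name}: uid {ua} on root A, {ub} on root B")
    for uid, (name, others) in sorted(crossed.items()):
        print(f"uid {uid}: {name}'s files on A belong to {', '.join(others)} on B")
```

The crossed set is the one to act on first: those are the accounts whose files on the shared disk become readable or writable by a different service account, rather than merely orphaned.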
