The man page for exports(5) claims that remote accesses by root will be mapped
to uid/gid -2:-2 unless overridden via the -maproot or -mapall options.  But if
root creates a file the result is clearly different:

    # touch test
    # ls -alF
    total 32
    drwxrwxrwx   2 ken         999  512 Apr  1 00:05 ./
    drwxrwxr-x  12 root        999  512 Apr  1 00:05 ../
    -rw-r--r--   1 4294967294  999    0 Apr  1 00:07 test
    #

The problem is obvious: despite the claims of the man page, there is no such
uid/gid as -2:-2.  This diff fixes the problem:

Index: master.passwd
===================================================================
RCS file: /cvs/src/etc/master.passwd,v
retrieving revision 1.88
diff -u -p -r1.88 master.passwd
--- master.passwd 5 Mar 2016 12:31:38 -0000 1.88
+++ master.passwd 1 Apr 2017 04:12:19 -0000
@@ -58,3 +58,4 @@ _tftp_proxy:*:108:108::0:0:tftp proxy da
 _ftp_proxy:*:109:109::0:0:ftp proxy daemon:/nonexistent:/sbin/nologin
 _sndiop:*:110:110::0:0:sndio privileged user:/var/empty:/sbin/nologin
 nobody:*:32767:32767::0:0:Unprivileged user:/nonexistent:/sbin/nologin
+-2:*:4294967294:4294967294::0:0:Unprivileged NFS
user:/nonexistent:/sbin/nologin
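Review bot: The added master.passwd entry is wrapped across two lines ("+-2:*:4294967294:4294967294::0:0:Unprivileged NFS" and then "user:/nonexistent:/sbin/nologin" with no diff prefix), so the hunk no longer matches its "@@ -58,3 +58,4 @@" header and will not apply as posted; rejoin it into a single "+" line. The login name "-2" also begins with a hyphen, which any tool that takes a user name as a command-line argument can mistake for an option, so if uid 4294967294 (the unsigned 32-bit form of -2, as the ls output shows) is to get a name, pick one that does not start with "-". The entry also sits next to the existing "nobody" account at 32767 without a comment saying why a second unprivileged identity is needed.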
Index: group
===================================================================
RCS file: /cvs/src/etc/group,v
retrieving revision 1.79
diff -u -p -r1.79 group
--- group 5 Mar 2016 12:31:38 -0000 1.79
+++ group 1 Apr 2017 04:12:19 -0000
@@ -77,3 +77,4 @@ _sndiop:*:110:
 dialer:*:117:
 nogroup:*:32766:
 nobody:*:32767:
+-2:*:4294967294:
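Review bot: The group name "-2" on the added line has the same leading-hyphen problem as the passwd entry and should be renamed with it. The ls output quoted in the message lists group 999 on the file root created, not 4294967294, so nothing shown demonstrates that a group entry for gid 4294967294 is needed; either show a case where that gid appears or drop this hunk.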

Happy April 1st!

-ken
