X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;ds=sidebyside;f=utils%2Fnfsidmap%2Fnfsidmap.man;h=9badb3f6f31f9c3b8ffc2ae170dec97c2fbb8eff;hb=69aa69e7de80b6cdf2ea0212a2f3df20fc8d3853;hp=6c1a2d474fff900ceb0b8c23e0d7a4c98f0ff2c7;hpb=6f07548141e710767d425e119d9823691293771d;p=nfs-utils.git diff --git a/utils/nfsidmap/nfsidmap.man b/utils/nfsidmap/nfsidmap.man index 6c1a2d4..9badb3f 100644 --- a/utils/nfsidmap/nfsidmap.man +++ b/utils/nfsidmap/nfsidmap.man @@ -5,6 +5,10 @@ .TH nfsidmap 5 "1 October 2010" .SH NAME nfsidmap \- The NFS idmapper upcall program +.SH SYNOPSIS +.B "nfsidmap [-v] [-t timeout] key desc" +.br +.B "nfsidmap [-v] [-c]" .SH DESCRIPTION The file .I /usr/sbin/nfsidmap @@ -12,11 +16,25 @@ is used by the NFS idmapper to translate user and group ids into names, and to translate user and group names into ids. Idmapper uses request-key to perform the upcall and cache the result. .I /usr/sbin/nfsidmap -should only be called by request-key, and will perform the translation and +is called by /sbin/request-key, and will perform the translation and initialize a key with the resulting information. .PP -NFS_USE_NEW_IDMAPPER must be selected when configuring the kernel to use this -feature. +.I nfsidmap +can also used to clear the keyring of all the keys. +This is useful when all the mappings have failed to due to an DNS outage +or some other error resulting in all the cached uid/gid to be invalid. +.SH OPTIONS +.TP +.B -c +Clear the keyring of all the keys. +.TP +.B -t timeout +Set the expiration timer, in seconds, on the key. +The default is 600 seconds (10 mins). +.TP +.B -v +Increases the verbosity of the output to syslog +(can be specified multiple times). .SH CONFIGURING The file .I /etc/request-key.conf @@ -25,11 +43,13 @@ will need to be modified so can properly direct the upcall. The following line should be added before a call to keyctl negate: .PP -create nfs_idmap * * /usr/sbin/nfsidmap %k %d 600 +create id_resolver * * /usr/sbin/nfsidmap -t 600 %k %d .PP -This will direct all nfs_idmap requests to the program -.I /usr/sbin/nfsidmap -The last parameter, 600, defines how many seconds into the future the key will +This will direct all id_resolver requests to the program +.I /usr/sbin/nfsidmap. +The +.B -t 600 +defines how many seconds into the future the key will expire. This is an optional parameter for .I /usr/sbin/nfsidmap and will default to 600 seconds when not specified. @@ -48,9 +68,9 @@ You can choose to handle any of these individually, rather than using the generic upcall program. If you would like to use your own program for a uid lookup then you would edit your request-key.conf so it looks similar to this: .PP -create nfs_idmap uid:* * /some/other/program %k %d 600 +create id_resolver uid:* * /some/other/program %k %d .br -create nfs_idmap * * /usr/sbin/nfsidmap %k %d 600 +create id_resolver * * /usr/sbin/nfsidmap %k %d .PP Notice that the new line was added above the line for the generic program. request-key will find the first matching line and run the corresponding program.