How to Map UID/GID Between Local User and NFSv4 Mount for Seamless File Ownership



When mounting an NFSv4 share across systems with different user IDs, we often encounter ownership discrepancies. In this case, remote files (UID/GID 512) appear foreign on the local system (where users typically have UID/GID 1000). This creates permission issues and breaks workflows.

The existing setup shows two critical configurations:

# Remote server's /etc/exports
/home/user512 192.168.1.142(rw,sync,all_squash,anonuid=512,anongid=512)

# Local client's /etc/fstab  
192.168.1.110:/home/user512 /home/localuser/projects/project512 nfs rw,hard,intr,rsize=32768,wsize=32768 0 0

The modern approach uses NFSv4's idmapper:

# On both client and server:
sudo nano /etc/idmapd.conf

[General]
Domain = yourdomain.local

[Translation]
Method = nsswitch

Then restart the services (the idmapd unit name differs between distributions; use the one your system provides):

sudo systemctl restart rpcidmapd
sudo systemctl restart nfs-client.target

For systems without centralized auth:

# On client machine:
sudo nano /etc/fstab

192.168.1.110:/home/user512 /home/localuser/projects/project512 nfs rw,hard,intr,rsize=32768,wsize=32768,uid=1000,gid=1000 0 0

Modify the export to be more flexible:

# On server's /etc/exports
/home/user512 192.168.1.142(rw,sync,all_squash,anonuid=1000,anongid=1000)

After changes, test with:

# Remount the share
sudo umount /home/localuser/projects/project512
sudo mount -a

# Verify ownership
ls -ln /home/localuser/projects/project512

For dynamic environments, consider this bash script:

#!/bin/bash
LOCAL_UID=$(id -u localuser)
LOCAL_GID=$(id -g localuser)

sudo mount -t nfs -o rw,hard,intr,rsize=32768,wsize=32768,uid=$LOCAL_UID,gid=$LOCAL_GID \
192.168.1.110:/home/user512 /home/localuser/projects/project512

When mounting NFS shares across systems with different user bases, ownership discrepancies become immediately apparent. In our scenario, files owned by remote UID 512 appear as user 512 locally, rather than mapping to our preferred local UID 1000.

The proper way to handle this is through NFSv4's native idmapping functionality. Here's how to implement it:

# On both client and server, edit /etc/idmapd.conf
[General]
Domain = yourdomain.local

[Translation]
Method = nsswitch

[Mapping]
Nobody-User = nobody
Nobody-Group = nogroup

For simpler cases where you just need everything to appear as a specific user:

# Modify local mount options in /etc/fstab
192.168.1.110:/home/user512 /home/localuser/projects/project512 nfs rw,hard,intr,rsize=32768,wsize=32768,uid=1000,gid=1000 0 0

After making changes, test with:

# Unmount and remount
sudo umount /home/localuser/projects/project512
sudo mount -a

# Check ownership
ls -l /home/localuser/projects/project512

If permissions still don't match:

  • Ensure idmapd is running: sudo systemctl restart rpc-idmapd
  • Clear the cached ID mappings so they are looked up again: sudo nfsidmap -c
  • Verify domain matches on both ends
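
One way to carry out the "verify domain matches on both ends" check, as an added example that is not part of the original page. The function names and sample values are assumptions of this example, and it assumes a copy of the server's idmapd.conf is available locally:

```shell
#!/bin/bash
# Added example: compare the NFSv4 idmap Domain set in two idmapd.conf copies,
# e.g. the client's own file and one fetched from the server.

# Print the Domain value from the [General] section of the file given as $1.
# Assumption: section and key names are matched case-insensitively, and
# '#' or ';' starts a comment.
idmap_domain() {
    awk '
        { sub(/[#;].*/, "") }
        /^[ \t]*\[/ { sec = tolower($0); gsub(/[^a-z]/, "", sec); next }
        sec == "general" {
            n = index($0, "=")
            if (n == 0) next
            key = tolower(substr($0, 1, n - 1)); gsub(/[ \t]/, "", key)
            val = substr($0, n + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == "domain") { print val; exit }
        }
    ' "$1"
}

# Compare client ($1) and server ($2) configs.
# Returns 0 when both set the same Domain, 1 on mismatch,
# 2 when either file leaves Domain unset.
check_idmap_domains() {
    _client=$(idmap_domain "$1")
    _server=$(idmap_domain "$2")
    if [ -z "$_client" ] || [ -z "$_server" ]; then
        echo "UNSET: client='$_client' server='$_server'"
        return 2
    fi
    if [ "$_client" != "$_server" ]; then
        echo "MISMATCH: client='$_client' server='$_server'"
        return 1
    fi
    echo "OK: both use '$_client'"
}

# Constructed sample configs (illustrative values, not from a real host).
demo() {
    _d=$(mktemp -d)
    printf '[General]\nDomain = yourdomain.local\n[Translation]\nMethod = nsswitch\n' > "$_d/client.conf"
    printf '[General]\n# Domain = yourdomain.local\n[Mapping]\nNobody-User = nobody\n' > "$_d/server.conf"
    check_idmap_domains "$_d/client.conf" "$_d/server.conf" || echo "exit status: $?"
    rm -rf "$_d"
}
demo
```

The demo reports UNSET because the server copy has its Domain line commented out, a case where idmapd falls back to the host's DNS domain and the two ends can silently disagree.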