System Administration Guide: Network Services

ACLs and nfsmapid in NFS Version 4

An access control list (ACL) provides better file security by enabling the owner of a file to define file permissions for the file owner, the group, and other specific users and groups. ACLs are set on the server and the client by using the setfacl command. See the setfacl(1) man page. In NFS version 4, the ID mapper, nfsmapid, is used to map user or group IDs in ACL entries on a server to user or group IDs in ACL entries on a client. The reverse is also true. The user and group IDs in the ACL entries must exist on both the client and the server.

Reasons for ID Mapping to Fail

The following situations can cause ID mapping to fail:

Avoiding ID Mapping Problems With ACLs

To avoid ID mapping problems, do the following:

Checking for Unmapped User or Group IDs

To determine if any user or group cannot be mapped on the server or client, use the following script:

#! /usr/sbin/dtrace -Fs

     printf("validate_idmapping: (%s) in the ACL could not be mapped!", 

Note –

The probe name that is used in this script is an interface that could change in the future. For more information, see Stability Levels in Solaris Dynamic Tracing Guide.

Additional Information About ACLs or nfsmapid

See the following: