Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

cadencep45

4 Apprentice

 • 

318 Posts

3437

July 19th, 2018 02:00

does nfs switch for --manage-gids exist

By default, the nfs client sends on the wire a list of max 16 gid's the uid is a member of. This can be discarded and a lookup forced from the server by using --manage-gids on the nfs daemon.

An example from a VNX is

server_param server_2 -facility nfs -info manageGids

server_2 : name                    = manageGids

facility_name           = nfs

default_value           = 0

current_value           = 0

configured_value        =

user_action             = none

change_effective        = immediate

range                   = (0,1)

description             = Rebuild the list of groups ids from the resolvers

this will presumably have an impact on response time as you are effectively throwing away the cached answer provided on the wire ( as its

potentially wrong, ie < 16 groups ) and doing a lookup of group membership from the NFS server.

Has anyone configured in such a way, and if so, can they comment on performance impact ?

Peter_Sero

6 Operator

 • 

1.2K Posts

July 19th, 2018 03:00

"locally" means server-side or server-initiated rather than using the client-submitted gids,

and the server will perform the lookup according to the configured provider

for the access zone, e.g. LDAP (yeah kind of "remote", but again,

"local" just stands for "not NFS client").

Peter_Sero

6 Operator

 • 

1.2K Posts

July 19th, 2018 03:00

The Isilon way for doing this is:

isi nfs settings export modify  --map-lookup-uid yes

hth

-- Peter

cadencep45

4 Apprentice

 • 

318 Posts

July 19th, 2018 03:00

not sure

( from onefs 8.0.0 CLI administration Guide )

--map-lookup-uid {yes | no} If set to yes, incoming UNIX user identifiers (UIDs) will be looked up locally. The default setting is no.

this refers to uid rather than gid. If the list of GID's that are potentially wrong ( cut off at 16, but UID could exist in more than 16 groups ), unless the above option implicitly also does GID lookups ?

crklosterman

450 Posts

July 23rd, 2018 13:00

Be careful with this option because it can generate some significant load on the LDAP infrastructure depending upon the number of users connecting.  I'm not saying don't use it, just instead watch your ldap infrastructure carefully if you do. And yes lookup the UID not the GID, because looking up the UID will return the UID/GID and all the supplemental secondary groups (even more than 16).

~Chris

cadencep45

4 Apprentice

 • 

318 Posts

September 18th, 2018 01:00

any thoughts on how to measure/monitor this load, as while the documentation is heavy on the warnings, its very light on practical ways to measure.

Was this post helpful?

View All

0 events found

No Events found!

Top