NFSv4 Unable to chown file to user nobody

[jeremyj84]

I have ran into an issue that I cannot seem to figure out after hours of digging. I am currently running an NFSv4 server on FreeBSD 11, I am able to mount the NFS on to a FreeBSD 10 machine as well as a local Linux machine. However I am unable to chown any files to the user nobody.

root@gw-01:/shared # chown nobody test
No name and/or group mapping for uid,gid:(65534,-1)
chown: test: Operation not permitted
root@gw-01:/shared # chown test test
root@gw-01:/shared #

/etc/rc.conf on the server side:

nfs_server_enable="YES"
nfsv4_server_enable="YES"
mountd_enable="YES"
mountd_flags="-r"
rpc_lockd_enable="YES"
rpc_statd_enable="YES"
nfsuserd_enable="YES"

 

[krawall]

What is the gid of the main group from nobody? grep nobody /etc/passwd

 

[ekingston]

You may also want to check /etc/exports. There are some options that do funny things with the nobody/nogroup userid/group. I don't set-up NFS servers enough to remember the options and always have to fall back to the docs to remember.

 

[jeremyj84]

The uid/gid for nobody is the same on both ends


root@gw-01:~ # grep -H nobody /etc/passwd /etc/group
/etc/passwd:nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
/etc/group:nobody:*:65534:



root@nas:~ # cat /etc/exports
V4: / -sec sys -network 192.168.0.0 -mask 255.255.255.0
root@nas:~ #


 

[tingo]

Why do you even want to do this? You are aware that user 'nobody' is supposed to be special?

 

[SirDice]

Contrary to popular belief, there's really nothing "special" about the nobody account. The idea was to run daemons on the nobody account but this idea has been proven to be faulty. As long as you have one daemon it'll be fine but running more than one daemon as nobody actually means all those daemons can access each other's files, access processes, etc. So nowadays each daemon simply runs on its own account, thereby separating privileges.

 

[tingo]

but that's the point: user 'nobody' is supposed to have no files, no directories and nothing else on a system. That is the only thing that is special about it.
You are not supposed to run anything as user 'nobody'.
Enterprising souls can figure the point of this scheme if they want to.

 

[SirDice]

The nobody user is commonly used with NFS.