Oh man, you're kidding me?! What is the purpose of Domain/Local-Realms then? Sigh ... <div class="gmail_quote">On Oct 22, 2013 3:45 PM, "Joshua Baker-LePain" <<a href="mailto:jlb17@duke.edu">jlb17@duke.edu</a>> wrote: <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> On Tue, 22 Oct 2013 at 12:35pm, Chris Adams wrote <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Once upon a time, Joshua Baker-LePain <<a href="mailto:jlb17@duke.edu" target="_blank">jlb17@duke.edu</a>> said: <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Are you using Kerberos with NFSv4? If not, then the numeric UIDs and GIDs still must match. idmapd *will* map usernames for display purposes (i.e. what 'ls -l' sees), but the numeric IDs are still used for permissions. Clear as mud, ain't it? </blockquote> Oh, that may be why I've always been confused by the ID mapping (and avoided it). Now, I'm not using Kerberos, so it sounds like the ID mapping won't actually help me with my problem. <sigh> What's the point of ID mapping if it only maps them in some places? That's terribly confusing. </blockquote> Yes. Yes it is. <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> stat() sees the numeric ID mapped (and chown()), but I guess open() permission checks don't? </blockquote> This (rather old) thread explains it better than I can: <a href="http://thread.gmane.org/gmane.linux.nfsv4/7103/focus=7105" target="_blank">http://thread.gmane.org/gmane.linux.nfsv4/7103/focus=7105</a> -- Joshua Baker-LePain QB3 Shared Cluster Sysadmin UCSF _______________________________________________ rhelv6-list mailing list <a href="mailto:rhelv6-list@redhat.com" target="_blank">rhelv6-list@redhat.com</a> <a href="https://www.redhat.com/mailman/listinfo/rhelv6-list" target="_blank">https://www.redhat.com/mailman/listinfo/rhelv6-list</a> </blockquote></div>