[CentOS] nfsnobody 65534 vs 4294967294

Thu May 29 16:11:01 UTC 2008
David Halik <dhalik at jla.rutgers.edu>

Hi, I just had a couple of questions about nfsnobody.

We run a very large NFS infrastructure based off of a NetApp, and we're 
been discussing whether or not it is necessary to have 64 bit nfsnobody 
as 4294967294. I understand the reasoning behind this (2^32 - 2 gives 
you a max UID), but we're having issues since we run multiple 
architectures. The UID doesn't play nice across Solairs, Centos, 32 vs 
64bit, etc.

Are there any obvious security risks or problems with using nfsnobody as 
65534 (2^16 - 2) on 64bit, or even just assigning it a random value, 300 
for example? I can't see any particular reason for having such a high 
number other than to keep it above any possible real UID space.

Also, the NetApp automatically generates quota tables based off of the 
highest UID, so obviously this is a *major* problem if suddenly we have 
billions of users as far as the NetApp is concerned. Ultimately, we'd 
like to just assign it a low value in the range with our other system 
account, but we are not sure of the potential risks with NFS etc.

Any comments would be appreciated.

David Halik
System Administrator
OIT-CSS Rutgers University
dhalik at jla.rutgers.edu