We have a cache directory on NFS which gets written to by LDAP users. In CI we have the problem that its non-LDAP User can't properly change files in this cache directory.
- What is the "correct" way of setting up access to this NFS-based cache to enable the cache usage in CI too?
- Should the pipeline user be set to be an LDAP user too? Or is there a way around?
NFS requires that client and server have a consistent user mapping (that's why the famous book is called "Managing NFS and NIS"). First of all, if Kerberos is not used, then all RPC packets are identified by the process uid/gids. Thus make sure that everything there is in sync. Even if user names are different, the numeric ids must match (here, of course, using LDAP helps to keep it consistent). Second, when you do 'chown bob file.txt', the client sends either "bob@" or "1234" to the server (assuming that "1234" is bob's uid). Here as well, client and server must agree on what is sent over the wire and, if string principals are sent, then LDAP will help.
Of course you can sync the uids manually. Then ensure that numeric IDs are in use.
More info: https://serverfault.com/a/632315/127530
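One way to check the uid consistency described in the answer above, as an added example that is not part of the original post: compare `getent passwd` snapshots taken on the NFS client (the CI host) and on the server. It goes slightly beyond name mismatches and also reports uid collisions, where a local CI account shares a numeric uid with a different server account and would act as that account without Kerberos. The account names, uids and the `compare_id_maps` helper are constructed for illustration.

```shell
#!/bin/sh
# Added example: find uid disagreements between an NFS client and server.
# Input: `getent passwd` output saved on each host. The two snapshots
# written below are constructed sample data, not from the original post.

SAMPLE_DIR=$(mktemp -d)

cat > "$SAMPLE_DIR/client.passwd" <<'EOF'
alice:x:1234:1234::/home/alice:/bin/bash
bob:x:1235:1235::/home/bob:/bin/bash
ci-runner:x:999:999::/var/lib/ci:/bin/sh
EOF

cat > "$SAMPLE_DIR/server.passwd" <<'EOF'
alice:x:1234:1234::/home/alice:/bin/bash
bob:x:1240:1240::/home/bob:/bin/bash
cache-svc:x:999:999::/srv/cache:/usr/sbin/nologin
EOF

# compare_id_maps CLIENT_FILE SERVER_FILE
# Prints one line per inconsistency, in client-file order:
#   MISSING   name client_uid               account unknown on the server
#   MISMATCH  name client_uid server_uid    same name, different uid
#   COLLISION uid client_name server_name   same uid, different account
compare_id_maps() {
  awk -F: '
    NR == FNR { s_uid[$1] = $3; s_name[$3] = $1; next }   # first file: server
    {
      if (!($1 in s_uid))       print "MISSING", $1, $3
      else if (s_uid[$1] != $3) print "MISMATCH", $1, $3, s_uid[$1]
      if (($3 in s_name) && s_name[$3] != $1)
        print "COLLISION", $3, $1, s_name[$3]
    }
  ' "$2" "$1"
}

compare_id_maps "$SAMPLE_DIR/client.passwd" "$SAMPLE_DIR/server.passwd"
```

The same comparison applies to `getent group` output, since gids are sent alongside the uid.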