Bug 10332

Summary: NFS does not honor the netgroups in /etc/exports
Product: [Retired] Red Hat Linux Reporter: miker
Component: nfs-utilsAssignee: Michael K. Johnson <johnsonm>
Status: CLOSED WORKSFORME QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 7.2CC: aleksey, thoth, zaitcev
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2001-11-13 00:14:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description miker 2000-03-24 20:49:43 UTC 
Mar 24 11:31:06 maya mountd[26991]: refused mount request from
aztec.incanta.net for /homes7 (/): no export entry

BUT(!)

[miker@aztec miker]$ cat /etc/netgroup
kennedy (aztec.incanta.net,,) (maya.incanta.net,,) (llama.incanta.net,,)
(euterpe.incanta.net,,) (llama.incanta.net,,) (euterpe.incanta.net,,)
(lumux.incanta.net,,) (oasis.incanta.net,,)

(which is nis exported from aztec)

and

[miker@maya miker]$ cat /etc/exports
/homes2         *.field.incanta.net(ro) @kennedy(rw)
nile.purplefrog.com(rw)
/homes4         *.field.incanta.net(ro) @kennedy(rw)
nile.purplefrog.com(ro)
/homes5         *.field.incanta.net(ro) @kennedy(rw)
nile.purplefrog.com(ro)
/homes6         *.field.incanta.net(ro) @kennedy(rw)
nile.purplefrog.com(ro)
/homes7         *.field.incanta.net(ro) @kennedy(rw)
nile.purplefrog.com(ro)
Comment 1 Cristian Gafton 2000-08-09 02:33:58 UTC 
assigned to johnsonm
Comment 2 Aleksey Nogin 2001-11-11 16:38:41 UTC 
I still see this with both client and server running 7.2 (+all updates).
Comment 3 Aleksey Nogin 2001-11-11 16:43:47 UTC 
*** Bug 5202 has been marked as a duplicate of this bug. ***
Comment 4 Aleksey Nogin 2001-11-11 16:50:35 UTC 
There were no activity on this bug for over a year and I still see it in 7.2.
Should it be reassigned "to owner of selected component  (bmatthews)"?

P.S. I also want to mention that what I see in 7.2 is very similar to what
originally reported in that it complains 
"... for /xyz (/): no export entry"
e.g. it is looking for an export entry for *root fs* even though /xyz is a
separate fs and has a separate entry in /etc/exports (and if I explicitly list
the client instead of just using a netgroup entry, then the log message would
say that access to "/xyz (/xyz)" was granted).
Comment 5 thoth 2001-11-12 17:02:06 UTC 
How the hell do people manage /etc/exports on an honest-to-god network of
machines?  Maybe everyone who exports a partition to more than 3 machines runs
Solaris instead of Linux.

It is drastically pathetic that his hasn't been fixed yet.
Comment 6 Bob Matthews 2001-11-12 17:13:07 UTC 
The netgroups issue should have been fixed back in nfs-utils-0.3.1-1.  What
version of nfs-utils is running on the server?

Might also be a NIS problem.  What happens if you copy /etc/netgroup to the
server and restart nfs services?
Comment 7 Aleksey Nogin 2001-11-12 20:21:47 UTC 
nfs-utils-0.3.1-13.7.2.1

I do not have admin access to the server (and it's running on Solaris), but
ypcat -k netgroup seems to do the right thing.

Here are the relevant parts of my setup:
server% ypmatch somegroup netgroup
... client ...
server% ypmatch client netgroup
(client,-,) (client.cs.cornell.edu,-,) (CLIENT,-,) (CLIENT.CS.CORNELL.EDU,-,)

/etc/exports on server:
/some_partition @somegroup(rw)
...

log gets:
<date> server rpc.mountd: refused mount request from client.cs.cornell.edu for
/some_partition (/): no export entry
Comment 8 Bob Matthews 2001-11-12 20:45:29 UTC 
> I still see this with both client and server running 7.2
...
> I do not have admin access to the server (and it's running on Solaris)

These two statements contradict one another.  Nevertheless, this appears to be
entirely a server side issue.  The nfs-utils are not even required to be
installed on the client side in order to import directories.

You aren't trying to re-export an nfs-mounted directory, are you?  If so, that
is specifically disallowed by the NFS v2 and 3 protocols.
Comment 9 Aleksey Nogin 2001-11-13 00:14:24 UTC 
The *NFS* server is running RH7.2 and is controlled by me. The *YP* server is on
another machine running Solaris and not controleld by me.

> You aren't trying to re-export an nfs-mounted directory, are you?
No, it's a local fs. And it works fine as long as I list the client explicitly
in /etc/exports.

I tried this on another pair of 7.2 machines (in the same NIS domain&group),
same result.
Comment 10 Aleksey Nogin 2001-11-13 00:50:55 UTC 
Ah, this was so dumb of me! I didn't realize that /etc/nsswitch.conf only had
nisplus and not nis for netgroup. After I've updated it, everything started
working properly!
Comment 11 Michael K. Johnson 2002-01-18 18:01:01 UTC 
*** Bug 8839 has been marked as a duplicate of this bug. ***
Comment 12 thoth 2002-02-06 21:10:51 UTC 
We opened this ticket, and I'm pleased to say that on our boxes that run 7.1,
the problem is solved.  The NFS server supports netgroup-based exports.  

Our 6.2 boxes still do not.  They have nfs-utils-0.1.7-1 .  Has redhat released
an erratta for 6.2 that fixes this problem, or is the solution "upgrade the
whole OS" ?
Comment 13 Bob Matthews 2002-02-07 14:22:46 UTC 
We actually didn't release an errata specifically for 6.2, but the netgroups fix
has been in since nfs-utils-0.3.1-1.  I believe this should work for 6.2 boxes,
but it hasn't been tested against such.