Bug 1043558
Summary: | chown does not respect NFSv4 no_root_squash | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Martin Schuppert <mschuppe> | ||||||
Component: | nfs-utils-lib | Assignee: | Steve Dickson <steved> | ||||||
Status: | CLOSED ERRATA | QA Contact: | JianHong Yin <jiyin> | ||||||
Severity: | high | Docs Contact: | |||||||
Priority: | urgent | ||||||||
Version: | 6.5 | CC: | djeffery, eguan, fs-qe, jas, jiyin, jsvarova, lherbolt, rmarigny, steved, tlavigne, ykinoshi, yoyang | ||||||
Target Milestone: | rc | Keywords: | ZStream | ||||||
Target Release: | 6.6 | ||||||||
Hardware: | Unspecified | ||||||||
OS: | Unspecified | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | nfs-utils-lib-1.1.5-7.el6 | Doc Type: | Bug Fix | ||||||
Doc Text: |
Previously, when the chown utility was used on NFSv4 mount, chown did not adhere the no_root_squash option, and thus was not able to change the user and group ownership of each given file. The libnfsidmap, a library to help mapping IDs mainly for NFSv4, has been patched, and chown now handles the user and group ownership as expected.
|
Story Points: | --- | ||||||
Clone Of: | |||||||||
: | 1093093 1106351 (view as bug list) | Environment: | |||||||
Last Closed: | 2014-10-14 06:32:41 UTC | Type: | Bug | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | |||||||||
Bug Blocks: | 994246, 1093093, 1093148, 1106351, 1127166 | ||||||||
Attachments: |
|
Created attachment 837301 [details]
data_test.pcap
It works when setting nfs4_disable_idmapping=n [root@client ~]# cat /etc/modprobe.d/nfs.conf options nfs nfs4_disable_idmapping=n [root@client ~]# mount -t nfs -o vers=4 nfs.example.org:/ /mnt/rhel6/ [root@client ~]# touch /mnt/rhel6/testfile_rootttt [root@client ~]# ll /mnt/rhel6/testfile_rootttt -rw-r--r-- 1 root root 0 Dec 16 2013 /mnt/rhel6/testfile_rootttt [root@client ~]# chown root:root /mnt/rhel6/testfile_rootttt [root@client ~]# ll /mnt/rhel6/testfile_rootttt -rw-r--r-- 1 root root 0 Dec 16 2013 /mnt/rhel6/testfile_rootttt This is the needed fix for libnfsidmap diff -up ./libnfsidmap.c.orig ./libnfsidmap.c --- ./libnfsidmap.c.orig 2014-04-30 10:19:28.000000000 -0400 +++ ./libnfsidmap.c 2014-04-30 10:49:05.000000000 -0400 @@ -99,8 +99,12 @@ static char * toupper_str(char *s) static int id_as_chars(char *name, int *id) { long int value = strtol(name, NULL, 10); - if (value == 0) - return 0; + + if (value == 0) { + /* check for zero id values */ + if (strcmp(name, "0") != 0) + return 0; + } *id = (int)value; return 1; } commit 3226c06989186d9cd60ba146df4e2898fee5047b Author: Steve Dickson <steved> Date: Wed Apr 30 11:14:22 2014 -0400 libnfsidmap: id_as_chars() fails zero value ids. Root has a zero value id which is valid and should not be mapped to nfsnobody Signed-off-by: Steve Dickson <steved> Upstream tag: libnfsidmap-0-26-rc4 *** Bug 1072291 has been marked as a duplicate of this bug. *** Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-1451.html |
Created attachment 837300 [details] data_root.pcap Description of problem: when chown a file on nfsv4 mount it seems to not respect NFSv4 no_root_squash option: NFS server export: [root@nfs ~]# cat /etc/exports /scratch *(rw,fsid=0,async,insecure,no_root_squash) [root@nfs ~]# exportfs -rv exporting *:/scratch NFS Client: [root@client ~]# mount -t nfs -o vers=4 nfs.example.org:/ /mnt/rhel6/ [root@client ~]# cat /proc/mounts rootfs / rootfs rw 0 0 proc /proc proc rw,relatime 0 0 sysfs /sys sysfs rw,relatime 0 0 devtmpfs /dev devtmpfs rw,relatime,size=500204k,nr_inodes=125051,mode=755 0 0 devpts /dev/pts devpts rw,relatime,gid=5,mode=620,ptmxmode=000 0 0 tmpfs /dev/shm tmpfs rw,relatime 0 0 /dev/mapper/myvg-rootvol / ext4 rw,relatime,barrier=1,data=ordered 0 0 /proc/bus/usb /proc/bus/usb usbfs rw,relatime 0 0 /dev/vda1 /boot ext3 rw,relatime,errors=continue,user_xattr,acl,barrier=1,data=ordered 0 0 none /proc/sys/fs/binfmt_misc binfmt_misc rw,relatime 0 0 sunrpc /var/lib/nfs/rpc_pipefs rpc_pipefs rw,relatime 0 0 nfs.example.org:/ /mnt/rhel6 nfs4 rw,relatime,vers=4,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.33.20.36,minorversion=0,local_lock=none,addr=10.33.20.128 0 0 Create a file: [root@client ~]# touch /mnt/rhel6/testfile_root [root@client ~]# ll /mnt/rhel6/testfile_root -rw-r--r-- 1 root root 0 Dec 16 2013 /mnt/rhel6/testfile_root Chown the file: [root@client ~]# chown root:root /mnt/rhel6/testfile_root [root@client ~]# ll /mnt/rhel6/testfile_root -rw-r--r-- 1 nobody nobody 0 Dec 16 2013 /mnt/rhel6/testfile_root Doing the same for a "normal" user works as expected: [root@client ~]# su - test Create a file: [test@client ~]$ touch /mnt/rhel6/testfile_test [test@client ~]$ ll /mnt/rhel6/testfile_test -rw-rw-r-- 1 test test 0 Dec 16 2013 /mnt/rhel6/testfile_test Chown the file: [test@client ~]$ chown test:test /mnt/rhel6/testfile_test [test@client ~]$ ll /mnt/rhel6/testfile_test -rw-rw-r-- 1 test test 0 Dec 16 2013 /mnt/rhel6/testfile_test Version-Release number of selected component (if applicable): -RHEL 6.5 -kernel-2.6.32-431.1.2.el6.x86_64 -nfs-utils-1.2.3-39.el6.x86_64 How reproducible: always Steps to Reproduce: 1. cat /etc/exports /scratch *(rw,fsid=0,async,insecure,no_root_squash) 2. # mount -t nfs -o vers=4 nfs.example.org:/ /mnt/rhel6/ 3. # touch /mnt/rhel6/testfile_root => check file perms: -rw-r--r-- 1 root root 0 Dec 16 2013 /mnt/rhel6/testfile_root 4. # chown root:root /mnt/rhel6/testfile_root => check file perms: -rw-r--r-- 1 nobody nobody 0 Dec 16 2013 /mnt/rhel6/testfile_root Actual results: chown to root:root results in nobody:nobody Expected results: chown to root:root results in root:root Additional info: attached * data_root.pcap mount/touch/chown as root user * data_test.pcap touch/chown as test user