Bug 204013
Summary: | permission problems communicating with FreeBSD-based NFS servers. | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jeremy Anderson <ja> | ||||||||
Component: | kernel | Assignee: | Steve Dickson <steved> | ||||||||
Status: | CLOSED NOTABUG | QA Contact: | Brian Brock <bbrock> | ||||||||
Severity: | high | Docs Contact: | |||||||||
Priority: | medium | ||||||||||
Version: | 8 | CC: | alden, davej, triage, wtogami | ||||||||
Target Milestone: | --- | ||||||||||
Target Release: | --- | ||||||||||
Hardware: | x86_64 | ||||||||||
OS: | Linux | ||||||||||
Whiteboard: | bzcl34nup | ||||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||||
Doc Text: | Story Points: | --- | |||||||||
Clone Of: | Environment: | ||||||||||
Last Closed: | 2008-04-25 14:27:11 UTC | Type: | --- | ||||||||
Regression: | --- | Mount Type: | --- | ||||||||
Documentation: | --- | CRM: | |||||||||
Verified Versions: | Category: | --- | |||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||
Embargoed: | |||||||||||
Attachments: |
|
Description
Jeremy Anderson
2006-08-25 00:02:03 UTC
Changing to proper owner, kernel-maint. A new kernel update has been released (Version: 2.6.18-1.2200.fc5) based upon a new upstream kernel release. Please retest against this new kernel, as a large number of patches go into each upstream release, possibly including changes that may address this problem. This bug has been placed in NEEDINFO state. Due to the large volume of inactive bugs in bugzilla, if this bug is still in this state in two weeks time, it will be closed. Should this bug still be relevant after this period, the reporter can reopen the bug at any time. Any other users on the Cc: list of this bug can request that the bug be reopened by adding a comment to the bug. In the last few updates, some users upgrading from FC4->FC5 have reported that installing a kernel update has left their systems unbootable. If you have been affected by this problem please check you only have one version of device-mapper & lvm2 installed. See bug 207474 for further details. If this bug is a problem preventing you from installing the release this version is filed against, please see bug 169613. If this bug has been fixed, but you are now experiencing a different problem, please file a separate bug for the new problem. Thank you. Problem was reproduced under 2.6.17-1.2187_FC5. Additional notes: 1) editing a file owned by another user with kedit failed. 2) editing a file owned by another user with vi succeeded, but only by forcing a write using :w! 3) (new) Appending a file owned by another user with cat >> succeeded. The previous comment mentioned 2.6.18-1.2200.fc5. Does that have the same problem ? Sorry. First upgrade to 2.6.18-1.2200.fc5 was not sucessful. Yes, this problem reproduces under 2.6.18-1.2200.fc5. Fedora apologizes that these issues have not been resolved yet. We're sorry it's taken so long for your bug to be properly triaged and acted on. We appreciate the time you took to report this issue and want to make sure no important bugs slip through the cracks. If you're currently running a version of Fedora Core between 1 and 6, please note that Fedora no longer maintains these releases. We strongly encourage you to upgrade to a current Fedora release. In order to refocus our efforts as a project we are flagging all of the open bugs for releases which are no longer maintained and closing them. http://fedoraproject.org/wiki/LifeCycle/EOL If this bug is still open against Fedora Core 1 through 6, thirty days from now, it will be closed 'WONTFIX'. If you can reporduce this bug in the latest Fedora version, please change to the respective version. If you are unable to do this, please add a comment to this bug requesting the change. Thanks for your help, and we apologize again that we haven't handled these issues to this point. The process we are following is outlined here: http://fedoraproject.org/wiki/BugZappers/F9CleanUp We will be following the process here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this doesn't happen again. And if you'd like to join the bug triage team to help make things better, check out http://fedoraproject.org/wiki/BugZappers Please change the version to Fedora 8. I'm having the same problem with my Fedora 8 clients (running 2.6.24.4-64) to my Mac OS X 10.4.11 NFS server. Help? I'm not having any problems using a F-8 kernel 2.6.24.4-64.fc8 kernel to mount a Mac-OS 10.5 server... would be possible to get a binary bzip2 tshark network trace? Something similar to: tshark -w /tmp/bz204013.pcap host <MacServer> bzip2 /tmp/bz204013.pcap Created attachment 303162 [details]
output from tshark
Here is the requested output from tshark.
Here is what the network trace shows, The MacOS server is failing truncation of a file (see patcks 5 and 11 of the trace). Both requests are coming from a user with the following credentials: UID: 500 GID: 224 Auxiliary GIDs: 80, 220, 224, 360, 410, 414, 450, 620, 1000, 1003, 1004, 1005, 1006, 1011, 1012, 1013 So from you are saying, user1:x:501:100:User1:/home/user1:/bin/bash and user2:x:502:100:User2:/home/user2:/bin/bash are trying to write to user1:users /mnt/nffsshare/testfile as user2 which fails. Unfortunately, the above scenario does not jive with the network trace. What the network trace is saying a user with a GID of 500 and GID 224 who is *not* in group 100 (note the fact 100 is not in the auxiliary GIDs) is being denied access to a file that owned by UID 2501, GID 224 and a file mode of 0660, which makes sense... So it appears to me that the uid/gid you think your using is not the actual uid/gid are being used. Or maybe there is a mismatch of ids between the server and client? I'm sorry, there's a little confusion here. I'm not the original poster, so I'm not using the user1, user2 settings that the OP is. Here's my setup (and I'll attach a new tshark output with the output from this example): % ls -lna drwxrws--- 3 2501 224 102 2008-04-23 08:52 . drwxr-xr-x 10 2501 10 340 2008-04-17 09:42 .. -rw-rw---- 1 2501 224 9 2008-04-21 11:33 z % id uid=1301(joeuser) gid=224(staff-computer) groups=224(staff-computer) % echo hi >| z -bash: z: Permission denied % I've run the same commands from a Mac OS X client and I notice a few 'minor' differences: o The Fedora client sets the Machine Name in the Credentials part of the packet, the Mac client does not. o The Fedora client sends the primary GID as an Auxiliary GID, the Mac client does not. o The Fedora client sends a new attribute for 'mtime' ("set to server time") while the Mac client does not. Not knowing the NFS protocol, I don't know if those are 'normal' -- but an educated guess tells me that they are and therefore it's probably the Mac NFS server that is broken, right? Created attachment 303495 [details]
new output (from Fedora 8 client)
Created attachment 303496 [details]
new output (from Mac OS X client)
David, First of all, thank for such an excellent analysis of the problem! It was definitely appreciated! I have to agree with your findings that this appears to be a server problem, so I pinged one of the NFS guys at Apple and here is his response: I remember I fixed one that caused ACCESS to return incorrect access bits which I think went out in a Tiger update, though I can't pin down which one. But it's possibly fixed in a Tiger update - though it affected Mac clients too. Sounds like the customer should now be motivated to upgrade to 10.5 Leopard. It's not likely that we'll be putting much effort into fixing 10.4 Tiger bugs now. So it appears you'll need to update your MacOS to 10.5. Note: I access a 10.5 exports (on my iMac) from RHEL and Fedora clients all the time... w/out issue. |