This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours

Bug 595420

Summary: mounting subdirectory of non-root user account fails
Product: [Fedora] Fedora Reporter: Kamil Páral <kparal>
Component: nfs-utilsAssignee: Steve Dickson <steved>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 16CC: jlayton, steved
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: All   
OS: Linux   
See Also: https://bugzilla.redhat.com/show_bug.cgi?id=826505
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 599198 (view as bug list) Environment:
Last Closed: 2012-07-02 18:27:52 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Bug Depends On:    
Bug Blocks: 599198    

Description Kamil Páral 2010-05-24 11:11:50 EDT
Description of problem:
Use case 1:
Server:
# cat /etc/exports
/home/kparal/devel     192.168.1.0/24(rw,no_root_squash)

Client:
# mount.nfs 192.168.1.1:/home/kparal/devel /mnt -v
mount.nfs: timeout set for Mon May 24 16:46:36 2010
mount.nfs: trying text-based options 'vers=4,addr=192.168.1.1,clientaddr=192.168.1.2'
mount.nfs: mount(2): Permission denied
mount.nfs: access denied by server while mounting 192.168.1.1:/home/kparal/devel

# mount.nfs 192.168.1.1:/home/kparal /mnt -v
mount.nfs: timeout set for Mon May 24 17:09:51 2010
mount.nfs: trying text-based options 'vers=4,addr=192.168.1.1,clientaddr=192.168.1.2'
192.168.1.1:/home/kparal on /mnt type nfs
# ll -d /mnt/
drwx------. 94 kparal kparal 4096 May 24 12:43 /mnt/
# ll /mnt
ls: cannot open directory /mnt: Permission denied
# (ignores no_root_squash option)

Use case 2:
Server:
# cat /etc/exports
/home/kparal     192.168.1.0/24(rw,no_root_squash)

Client:
everything works perfect

Simply, for non-root owned directories, only the top-level directory can be exported. If you export a subdirectory, presented problems occur.

Version-Release number of selected component (if applicable):
Server:
2.6.33.4-95.fc13.x86_64
nfs-utils-1.2.2-2.fc13.x86_64
Client:
2.6.33.4-95.fc13.x86_64
nfs-utils-1.2.2-2.fc13.x86_64

How reproducible:
Always for my machines. Also reproduced by steved @ #fedora-devel.

Steps to Reproduce:
1. Share a subdirectory of non-root owned directory.
2. Try to mount it from a client.
3. Access denied by server.
Comment 1 Steve Dickson 2010-06-02 12:11:31 EDT
Your home directory '/home/kparal/' has a permission 
mode of 0700 (owner only), correct?
Comment 2 Steve Dickson 2010-06-02 16:18:39 EDT
It appears the no_root_squash export option is broken on
v4 mounts..
Comment 3 Kamil Páral 2010-06-03 04:22:37 EDT
(In reply to comment #1)
> Your home directory '/home/kparal/' has a permission 
> mode of 0700 (owner only), correct?    

Correct.
Comment 4 Kamil Páral 2011-11-23 06:53:47 EST
I have completely the same problem on Fedora 16. It has appeared again.

nfs-utils-1.2.5-3.fc16.x86_64
Comment 5 Kamil Páral 2012-04-16 11:11:25 EDT
The problem also appears with:

/home/kparal/devel/     192.168.1.0/24(rw,all_squash,anonuid=500,anongid=500)

Steve, could you please have a look at that?
Comment 6 Steve Dickson 2012-05-29 09:11:57 EDT
The proposed upstream patch

Author: Steve Dickson <steved@redhat.com>
Date:   Tue May 29 08:57:04 2012 -0400

    Honor the no_root_squash flag on pseudo roots.
    
    If root squashing is turned off on a export that
    has multiple directories, the parent directories
    of the pseudo exports that's built, also needs to
    have root squashing turned off.
    
    Signed-off-by: Steve Dickson <steved@redhat.com>

diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
index 708eb61..ad8a3e7 100644
--- a/utils/mountd/v4root.c
+++ b/utils/mountd/v4root.c
@@ -92,7 +92,14 @@ v4root_create(char *path, nfs_export *export)
        exp = export_create(&eep, 0);
        if (exp == NULL)
                return NULL;
-       xlog(D_CALL, "v4root_create: path '%s'", exp->m_export.e_path);
+       /*
+        * Honor the no_root_squash flag 
+        */
+       if ((curexp->e_flags & NFSEXP_ROOTSQUASH) == 0)
+               exp->m_export.e_flags &= ~NFSEXP_ROOTSQUASH;
+       xlog(D_CALL, "v4root_create: path '%s' flags 0x%x", 
+               exp->m_export.e_path, exp->m_export.e_flags);
+
        return &exp->m_export;
 }
Comment 7 Steve Dickson 2012-05-29 15:57:52 EDT
The koji build:

http://koji.fedoraproject.org/koji/taskinfo?taskID=4112989
Comment 8 Fedora Update System 2012-05-29 16:11:37 EDT
nfs-utils-1.2.5-8.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/nfs-utils-1.2.5-8.fc16
Comment 9 Kamil Páral 2012-05-30 07:09:54 EDT
This fixes the problem only partially.

Now works:
/home/kparal/devel     192.168.1.0/24(rw,no_root_squash)

Still doesn't work:
/home/kparal/devel     192.168.1.0/24(rw,all_squash,anonuid=500,anongid=500)
Comment 10 Steve Dickson 2012-05-30 07:24:14 EDT
(In reply to comment #9)
> This fixes the problem only partially.
> 
> Now works:
> /home/kparal/devel     192.168.1.0/24(rw,no_root_squash)
> 
> Still doesn't work:
> /home/kparal/devel     192.168.1.0/24(rw,all_squash,anonuid=500,anongid=500)
Ok... Lets open up another bz about anonuid/anongid not working so we can move the no_root_squash fix along... OK?
Comment 11 Kamil Páral 2012-05-30 07:33:29 EDT
Okey dokey. Opened bug 826505.
Comment 12 Fedora Update System 2012-06-15 08:25:53 EDT
Package nfs-utils-1.2.5-8.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing nfs-utils-1.2.5-8.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-9466/nfs-utils-1.2.5-8.fc16
then log in and leave karma (feedback).
Comment 13 Fedora Update System 2012-07-02 18:27:52 EDT
nfs-utils-1.2.5-8.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.