Bug 612790
Summary: | Regression for confusing 'mount request from unknown host' messages | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | yanfu,wang <yanwang> |
Component: | nfs-utils | Assignee: | Steve Dickson <steved> |
Status: | CLOSED NOTABUG | QA Contact: | yanfu,wang <yanwang> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 6.0 | CC: | bfields, jiyin, jlayton, rwheeler |
Target Milestone: | rc | Keywords: | Regression |
Target Release: | 6.0 | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-11-22 16:27:38 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 463578 | ||
Bug Blocks: |
Description
yanfu,wang
2010-07-09 02:39:25 UTC
I am not seeing this with nfs-utils-1.2.2-4.el6.x86_64: # cat /etc/exports /home vrhel6(rw) # service nfs start # mount localhost:/home /mnt/tmp [The mount works] # umount /mnt/tmp [Change the export to some other host] # cat /etc/exports /home tophat(rw) # exportfs -arv exporting tophat:/home # mount localhost:/home /mnt/tmp mount.nfs: access denied by server while mounting localhost:/home [Fails as expected] (In reply to comment #1) > I am not seeing this with nfs-utils-1.2.2-4.el6.x86_64: > > # cat /etc/exports > /home vrhel6(rw) > # service nfs start > # mount localhost:/home /mnt/tmp > [The mount works] > # umount /mnt/tmp > > [Change the export to some other host] > # cat /etc/exports > /home tophat(rw) > # exportfs -arv > exporting tophat:/home > # mount localhost:/home /mnt/tmp > mount.nfs: access denied by server while mounting localhost:/home > [Fails as expected] hi Steve, I think you should check the /var/log/message, "refused %s request from %s for %s (%s):unmatched host" should be logged in there according to the source. I'm sorry but I am not able to reproduce this message... (In reply to comment #4) > I'm sorry but I am not able to reproduce this message... hi Steve, you can schedule job by simply run below: # kernel_workflow.py -a i386 -t /CoreOS/nfs-utils/Sanity/bz463578-confusing-mount-request-from-unknown-host -u your_mail_address -d RHEL6.0-Snapshot-9 -S rhts.redhat.com -s -w "/CoreOS/nfs-utils/Sanity/bz463578-confusing-mount-request-from-unknown-host" -l -s I've scheduled it against rhel6-snapshot9 and it's failed again: http://rhts.redhat.com/cgi-bin/rhts/test_log.cgi?id=15826421 and the bug cloned from bug 463578, I thinks the above manual steps means mountd has a list of hosts that it knows that it builds from /etc/exports, for example: # cat /etc/exports /tmp bugzilla.redhat.com(ro) If the mount request doesn't match any of those hosts, for example: # mount -t nfs localhost:/tmp /mnt note it's not "bugzilla.redhat.com" specified in /etc/exports, then you'll get the "refused %s request from %s for %s (%s):unmatched host" message in syslog, but there aren't umatch error be logged ,maybe something is causing it to skip the message for some reason. I believe the current behavior is preferred: logging a server-side error by default on every mount that fails from a client makes it too easy for an unauthorized client to fill the server's logs. If an administrator would like to get those messages anyway, they should be able to by turning on debugging with the -d option to rpc.mountd. Client-side errors are more helpful here in most cases, as they provide immediate feedback to whoever attempts the mount. The current error message from mount looks adequate to me. Suggestions welcomed for improvements to the client error message or the optional server-side debugging, but those should be separate bugs. Closed unless someone wants to disagree. (In reply to comment #8) > I believe the current behavior is preferred: logging a server-side error by > default on every mount that fails from a client makes it too easy for an > unauthorized client to fill the server's logs. > > If an administrator would like to get those messages anyway, they should be > able to by turning on debugging with the -d option to rpc.mountd. > > Client-side errors are more helpful here in most cases, as they provide > immediate feedback to whoever attempts the mount. The current error message > from mount looks adequate to me. > > Suggestions welcomed for improvements to the client error message or the > optional server-side debugging, but those should be separate bugs. > > Closed unless someone wants to disagree. ok, maybe the behavior on rhel6 is different from https://bugzilla.redhat.com/show_bug.cgi?id=463578#c2 for rhel5, I could get "refused %s request from %s for %s (%s):unmatched host" logged in /var/log/messages without turning on debug or any extra operation on rhel5. |