Bug 1043558 - chown does not respect NFSv4 no_root_squash
Summary: chown does not respect NFSv4 no_root_squash
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: nfs-utils-lib
Version: 6.5
Hardware: Unspecified
OS: Unspecified
urgent
high
Target Milestone: rc
: 6.6
Assignee: Steve Dickson
QA Contact: JianHong Yin
URL:
Whiteboard:
: 1072291 (view as bug list)
Depends On:
Blocks: 994246 1093093 1093148 1106351 1127166
Reported: 2013-12-16 16:10 UTC by Martin Schuppert
Modified: 2018-12-09 17:22 UTC

Fixed In Version: nfs-utils-lib-1.1.5-7.el6
Doc Type: Bug Fix
Doc Text:
Previously, when the chown utility was used on an NFSv4 mount, chown did not adhere to the no_root_squash option, and thus was not able to change the user and group ownership of each given file. libnfsidmap, a library that helps map IDs, mainly for NFSv4, has been patched, and chown now handles the user and group ownership as expected.
Clone Of:
: 1093093 1106351 (view as bug list)
Environment:
Last Closed: 2014-10-14 06:32:41 UTC


Attachments
data_root.pcap (11.79 KB, application/vnd.tcpdump.pcap)
2013-12-16 16:10 UTC, Martin Schuppert
data_test.pcap (5.31 KB, application/vnd.tcpdump.pcap)
2013-12-16 16:11 UTC, Martin Schuppert


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2014:1451 normal SHIPPED_LIVE nfs-utils-lib bug fix and enhancement update 2014-10-14 01:05:38 UTC
Red Hat Knowledge Base (Solution) 514303 None None None Never

Description Martin Schuppert 2013-12-16 16:10:53 UTC
Created attachment 837300 [details]
data_root.pcap

Description of problem:

When chowning a file on an NFSv4 mount, it seems not to respect the NFSv4 no_root_squash option:

NFS server export:
[root@nfs ~]# cat /etc/exports
/scratch *(rw,fsid=0,async,insecure,no_root_squash)

[root@nfs ~]# exportfs -rv
exporting *:/scratch

NFS Client:
[root@client ~]# mount -t nfs  -o vers=4 nfs.example.org:/ /mnt/rhel6/

[root@client ~]# cat /proc/mounts
rootfs / rootfs rw 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,relatime 0 0
devtmpfs /dev devtmpfs rw,relatime,size=500204k,nr_inodes=125051,mode=755 0 0
devpts /dev/pts devpts rw,relatime,gid=5,mode=620,ptmxmode=000 0 0
tmpfs /dev/shm tmpfs rw,relatime 0 0
/dev/mapper/myvg-rootvol / ext4 rw,relatime,barrier=1,data=ordered 0 0
/proc/bus/usb /proc/bus/usb usbfs rw,relatime 0 0
/dev/vda1 /boot ext3 rw,relatime,errors=continue,user_xattr,acl,barrier=1,data=ordered 0 0
none /proc/sys/fs/binfmt_misc binfmt_misc rw,relatime 0 0
sunrpc /var/lib/nfs/rpc_pipefs rpc_pipefs rw,relatime 0 0
nfs.example.org:/ /mnt/rhel6 nfs4 rw,relatime,vers=4,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.33.20.36,minorversion=0,local_lock=none,addr=10.33.20.128 0 0


Create a file:
[root@client ~]# touch /mnt/rhel6/testfile_root
[root@client ~]# ll /mnt/rhel6/testfile_root
-rw-r--r-- 1 root root 0 Dec 16  2013 /mnt/rhel6/testfile_root

Chown the file:
[root@client ~]# chown root:root /mnt/rhel6/testfile_root
[root@client ~]# ll /mnt/rhel6/testfile_root
-rw-r--r-- 1 nobody nobody 0 Dec 16  2013 /mnt/rhel6/testfile_root

Doing the same for a "normal" user works as expected:
[root@client ~]# su - test

Create a file:
[test@client ~]$ touch /mnt/rhel6/testfile_test
[test@client ~]$ ll /mnt/rhel6/testfile_test
-rw-rw-r-- 1 test test 0 Dec 16  2013 /mnt/rhel6/testfile_test

Chown the file:
[test@client ~]$ chown test:test /mnt/rhel6/testfile_test
[test@client ~]$ ll /mnt/rhel6/testfile_test
-rw-rw-r-- 1 test test 0 Dec 16  2013 /mnt/rhel6/testfile_test


Version-Release number of selected component (if applicable):
-RHEL 6.5
-kernel-2.6.32-431.1.2.el6.x86_64
-nfs-utils-1.2.3-39.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. cat /etc/exports 
/scratch *(rw,fsid=0,async,insecure,no_root_squash)

2. # mount -t nfs  -o vers=4 nfs.example.org:/ /mnt/rhel6/

3. # touch /mnt/rhel6/testfile_root
=> check file perms:
-rw-r--r-- 1 root root 0 Dec 16  2013 /mnt/rhel6/testfile_root

4. # chown root:root /mnt/rhel6/testfile_root
=> check file perms:
-rw-r--r-- 1 nobody nobody 0 Dec 16  2013 /mnt/rhel6/testfile_root

Actual results:
chown to root:root results in nobody:nobody

Expected results:
chown to root:root results in root:root

Additional info:
attached 
* data_root.pcap mount/touch/chown as root user
* data_test.pcap touch/chown as test user

Comment 1 Martin Schuppert 2013-12-16 16:11:32 UTC
Created attachment 837301 [details]
data_test.pcap

Comment 3 Martin Schuppert 2013-12-16 16:29:55 UTC
It works when setting nfs4_disable_idmapping=n

[root@client ~]# cat /etc/modprobe.d/nfs.conf 
options nfs nfs4_disable_idmapping=n


[root@client ~]# mount -t nfs  -o vers=4 nfs.example.org:/ /mnt/rhel6/
[root@client ~]# touch /mnt/rhel6/testfile_rootttt
[root@client ~]# ll /mnt/rhel6/testfile_rootttt
-rw-r--r-- 1 root root 0 Dec 16  2013 /mnt/rhel6/testfile_rootttt

[root@client ~]# chown root:root /mnt/rhel6/testfile_rootttt
[root@client ~]# ll /mnt/rhel6/testfile_rootttt
-rw-r--r-- 1 root root 0 Dec 16  2013 /mnt/rhel6/testfile_rootttt

Comment 7 Steve Dickson 2014-04-30 14:55:30 UTC
This is the needed fix for libnfsidmap

diff -up ./libnfsidmap.c.orig ./libnfsidmap.c
--- ./libnfsidmap.c.orig	2014-04-30 10:19:28.000000000 -0400
+++ ./libnfsidmap.c	2014-04-30 10:49:05.000000000 -0400
@@ -99,8 +99,12 @@ static char * toupper_str(char *s)
 static int id_as_chars(char *name, int *id)
 {
 	long int value = strtol(name, NULL, 10);
-	if (value == 0)
-		return 0;
+
+	if (value == 0) {
+		/* check for zero id values */
+		if (strcmp(name, "0") != 0)
+			return 0;
+	}
 	*id = (int)value;
 	return 1;
 }
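
Review bot: the new zero check in id_as_chars() accepts only the exact string "0", while strtol(name, NULL, 10) is still called without an end pointer, so a nonzero value followed by trailing characters is still accepted as an id and other spellings of zero such as "00" are still rejected. Consider passing an end pointer to strtol and requiring a non-empty name with *end == '\0', which covers the zero case without the strcmp special case. The unchanged line *id = (int)value; also narrows a long to an int without a range check; testing errno for ERANGE and the int bounds before the cast would close that. The in-code comment could also say why zero is valid (it is root's id), as the commit message does.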

Comment 9 Steve Dickson 2014-04-30 18:23:13 UTC
commit 3226c06989186d9cd60ba146df4e2898fee5047b
Author: Steve Dickson <steved@redhat.com>
Date:   Wed Apr 30 11:14:22 2014 -0400

    libnfsidmap: id_as_chars() fails zero value ids.
    
    Root has a zero value id which is valid and
    should not be mapped to nfsnobody
    
    Signed-off-by: Steve Dickson <steved@redhat.com>

Upstream tag: libnfsidmap-0-26-rc4
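
Added example (not part of the bug report or of the libnfsidmap source): the pre-patch and patched id_as_chars() logic from Comment 7 side by side, plus a hypothetical stricter variant, id_as_chars_strict(), run over constructed input strings to show which ones each version accepts. The function names with suffixes and the sample strings are assumptions made for this illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Pre-patch logic, as in the "-" lines of Comment 7. */
static int id_as_chars_old(const char *name, int *id)
{
	long int value = strtol(name, NULL, 10);
	if (value == 0)
		return 0;	/* "0" and "root" are indistinguishable here */
	*id = (int)value;
	return 1;
}

/* Patched logic, as in the "+" lines of Comment 7. */
static int id_as_chars_patched(const char *name, int *id)
{
	long int value = strtol(name, NULL, 10);
	if (value == 0 && strcmp(name, "0") != 0)
		return 0;
	*id = (int)value;
	return 1;
}

/* Hypothetical stricter variant (an assumption, not libnfsidmap code). */
static int id_as_chars_strict(const char *name, int *id)
{
	char *end;
	if (name[0] < '0' || name[0] > '9')	/* "", sign, space, names */
		return 0;
	errno = 0;
	long value = strtol(name, &end, 10);
	if (errno == ERANGE || *end != '\0' || value > INT_MAX)
		return 0;
	*id = (int)value;
	return 1;
}

int main(void)
{
	/* Constructed sample strings, not taken from the attached captures. */
	const char *s[] = { "0", "500", "root", "00", "12abc", "" };
	for (size_t i = 0; i < sizeof s / sizeof s[0]; i++) {
		int id = -1;
		printf("%-6s old=%d patched=%d strict=%d\n", s[i], id_as_chars_old(s[i], &id),
		       id_as_chars_patched(s[i], &id), id_as_chars_strict(s[i], &id));
	}
}
```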

Comment 12 JianHong Yin 2014-05-04 09:24:22 UTC
*** Bug 1072291 has been marked as a duplicate of this bug. ***

Comment 18 errata-xmlrpc 2014-10-14 06:32:41 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1451.html

