RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1106351 - chown does not respect NFSv4 no_root_squash
Summary: chown does not respect NFSv4 no_root_squash
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: nfs-utils-lib
Version: 6.5
Hardware: Unspecified
OS: Unspecified
urgent
high
Target Milestone: rc
: ---
Assignee: Steve Dickson
QA Contact: JianHong Yin
URL:
Whiteboard:
: 1127166 (view as bug list)
Depends On: 1043558
Blocks: 1127166
TreeView+ depends on / blocked
 
Reported: 2014-06-09 07:17 UTC by Jan Kurik
Modified: 2018-12-09 17:57 UTC (History)
14 users (show)

Fixed In Version: nfs-utils-lib-1.1.5-6.el6_5
Doc Type: Bug Fix
Doc Text:
Previously, when the chown utility was used on NFSv4 mount, chown did not adhere the no_root_squash option, and thus was not able to change the user and group ownership of each given file. The libnfsidmap, a library to help mapping IDs mainly for NFSv4, has been patched, and chown now handles the user and group ownership as expected.
Clone Of: 1043558
: 1127166 (view as bug list)
Environment:
Last Closed: 2014-08-04 08:14:07 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 514303 0 None None None Never
Red Hat Product Errata RHBA-2014:0996 0 normal SHIPPED_LIVE nfs-utils-lib bug fix update 2014-08-04 12:13:40 UTC

Description Jan Kurik 2014-06-09 07:17:30 UTC 
This bug has been copied from bug #1043558 and has been proposed
to be backported to 6.5 z-stream (EUS).
Comment 8 JianHong Yin 2014-07-21 02:35:42 UTC 
Verifying:
J:699295 	RHBA-2014:18250-04-nfs-utils(1)-M.1.1-:/Multihost/idmapping@2014-07-21_09:29:04..--install=nfs-utils-lib-1.1.5-6.el6_5 -
Comment 10 errata-xmlrpc 2014-08-04 08:14:07 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-0996.html
Comment 11 Kapetanakis Giannis 2014-08-05 10:28:05 UTC 
After upgrading to nfs-utils-lib-1.1.5-6.el6_5
nfs mounts do not work anymore.

export on server is done with: (rw,sync,root_squash)
mount on client is done with autofs 
-fstype=nfs,nosuid,nodev,soft,bg,nfsvers=3

I get this in syslog:
Aug  5 12:50:14 client nfsidmap[1351]: nss_getpwnam: name 'root' does not map into domain 'sub.example.com'

Downgrading to nfs-utils-lib-1.1.5-6.el6.x86_64 fixed the problem.

regards,

Giannis
Comment 12 jas 2014-08-05 13:39:51 UTC 
Steve,

Unfortunately, I don't think this fix resolves the problem.

I've installed the updated nfs-utils-lib-1.1.5-6.el6_5

# rpm -q -a | grep nfs-utils-lib
nfs-utils-lib-1.1.5-6.el6_5.x86_64

I'm also running the latest kernel 2.6.32-431.23.3.el6.

On client NFSv4 share is mounted like this: hard,intr,bg,tcp,acl
On server it is exported to this client like this: rw,sync,no_root_squash

On client, after mounting filesystem:
# touch newfile
newfile shows as owned by "root".
# chown root:root newfile
# ls -al newfile
-rw------- 1 nobody nobody 0 Aug  5 09:34 newfile

Syslog: Aug  5 09:25:12 elf elf nfsidmap[5076]: nss_getpwnam: name 'nobody' does not map into domain 'cs.yorku.ca'
Comment 13 JianHong Yin 2014-08-06 08:05:09 UTC 
(In reply to jas from comment #12)
> Steve,
> 
> Unfortunately, I don't think this fix resolves the problem.
> 
> I've installed the updated nfs-utils-lib-1.1.5-6.el6_5
> 
> # rpm -q -a | grep nfs-utils-lib
> nfs-utils-lib-1.1.5-6.el6_5.x86_64
> 
> I'm also running the latest kernel 2.6.32-431.23.3.el6.
> 
> On client NFSv4 share is mounted like this: hard,intr,bg,tcp,acl
> On server it is exported to this client like this: rw,sync,no_root_squash
> 
> On client, after mounting filesystem:
> # touch newfile
> newfile shows as owned by "root".
> # chown root:root newfile
> # ls -al newfile
> -rw------- 1 nobody nobody 0 Aug  5 09:34 newfile
> 
> Syslog: Aug  5 09:25:12 elf elf nfsidmap[5076]: nss_getpwnam: name 'nobody'
> does not map into domain 'cs.yorku.ca'

works for me:

[01:56:24 root@ ~~]# chown qa:qa $mnt/file3
:: [   PASS   ] :: Test root chown return code correct. (Expected 0, got 0)
--------------------------------------------------------------------------------
[01:56:24 root@ ~~]# ls -l $mnt/file3
-rw-r--r--. 1 qa qa 0 Aug  6 01:56 /nfs-mount/file3
--------------------------------------------------------------------------------
[01:56:24 root@ ~~]# /usr/bin/test  $(stat --format=%U.%G $mnt/file3) = "qa.qa"
:: [   PASS   ] :: Test chown result correct(qa.qa) (Expected 0, got 0)
--------------------------------------------------------------------------------
[01:56:25 root@ ~~]# chown root:root $mnt/file3
:: [   PASS   ] :: Test root chown return code correct. (Expected 0, got 0)
--------------------------------------------------------------------------------
[01:56:25 root@ ~~]# ls -l $mnt/file3
-rw-r--r--. 1 root root 0 Aug  6 01:56 /nfs-mount/file3
--------------------------------------------------------------------------------
[01:56:25 root@ ~~]# /usr/bin/test  $(stat --format=%U.%G $mnt/file3) = "root.root"
:: [   PASS   ] :: Test chown result correct(root.root) (Expected 0, got 0)
--------------------------------------------------------------------------------
[01:56:25 root@ ~~]# chown qa:qa $mnt/file3
:: [   PASS   ] :: Test root chown return code correct. (Expected 0, got 0)
--------------------------------------------------------------------------------
[01:56:25 root@ ~~]# ls -l $mnt/file3
-rw-r--r--. 1 qa qa 0 Aug  6 01:56 /nfs-mount/file3
--------------------------------------------------------------------------------
[01:56:25 root@ ~~]# /usr/bin/test  $(stat --format=%U.%G $mnt/file3) = "qa.qa"
:: [   PASS   ] :: Test chown result correct(qa.qa) (Expected 0, got 0)


------------------------------------------------
Time & CURDIR : [2014-08-06 01:54:39 @/mnt/tests/CoreOS/nfs-utils/function/idmapping]
Case Name     : /CoreOS/nfs-utils/function/idmapping
$HOSTNAME     : ibm-z10-12.rhts.eng.bos.redhat.com
Distro Info   : RedHatEnterpriseServer 6.5 : RHEL-6.5
NVR & host    : Linux ibm-z10-12.rhts.eng.bos.redhat.com 2.6.32-431.el6.s390x #1 SMP Sun Nov 10 22:21:52 EST 2013 s390x s390x s390x GNU/Linux
cmdline       :
	root=/dev/mapper/vg_ibmz1012-lv_root rd_DASD=0.0.2197 rd_NO_LUKS rd_DASD=0.0.2097 LANG=en_US.UTF-8 rd_NO_MD  KEYTABLE=us rd_DASD=0.0.2297 rd_DASD=0.0.2397 rd_LVM_LV=vg_ibmz1012/lv_swap  rd_LVM_LV=vg_ibmz1012/lv_root SYSFONT=latarcyrheb-sun16 rd_NO_DM BOOT_IMAGE=0
Package Info  :
	libtirpc-0.2.1-6.el6_4.s390x
	nfs-utils-1.2.3-39.el6.s390x
------------------------------------------------
nfs-utils-lib exists on the system and is not kernel..  Upgrading
Retrieving http://porkchop.redhat.com/brewroot/packages/nfs-utils-lib/1.1.5/6.el6_5/s390x/nfs-utils-lib-1.1.5-6.el6_5.s390x.rpm
Preparing...                ##################################################
nfs-utils-lib               ##################################################
Comment 14 JianHong Yin 2014-08-06 09:42:25 UTC 
Got it. if use the default value nfs4_disable_idmapping, test fail;
reopen it.
Comment 15 JianHong Yin 2014-08-06 10:14:21 UTC 
*** Bug 1127166 has been marked as a duplicate of this bug. ***
Comment 16 JianHong Yin 2014-08-06 10:16:27 UTC 
how to reopen this bug?
Comment 17 Lukas Herbolt 2014-08-12 12:08:10 UTC 
(In reply to Yin.JianHong from comment #16)
> how to reopen this bug?

Can you describe which test fail to test it with CU.
Comment 18 JianHong Yin 2014-08-13 00:34:09 UTC 
(In reply to Lukas Herbolt from comment #17)
> (In reply to Yin.JianHong from comment #16)
> > how to reopen this bug?
> 
> Can you describe which test fail to test it with CU.

chown to qa:qa return success, but ls -l got nobody.nobody

if use default config(disable idmapping), is this the expect result?

test log:
-----------------
[14:31:46 root@ ~~]# chown qa:qa $mnt/file3
:: [   PASS   ] :: Test root chown return code correct. (Expected 0, got 0)
--------------------------------------------------------------------------------
[14:31:46 root@ ~~]# ls -l $mnt/file3
-rw-r--r--. 1 nobody nobody 0 Aug  7 14:31 /nfs-mount/file3
:: [   PASS   ] :: Running 'ls -l $mnt/file3' (Expected 0, got 0)
--------------------------------------------------------------------------------
[14:31:46 root@ ~~]# /usr/bin/test  $(stat --format=%U.%G $mnt/file3) = "qa.qa"
:: [   FAIL   ] :: Test chown result correct(qa.qa) (Expected 0, got 1)
Note You need to log in before you can comment on or make changes to this bug.