Bug 1106351 - chown does not respect NFSv4 no_root_squash
Summary: chown does not respect NFSv4 no_root_squash
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: nfs-utils-lib
Version: 6.5
Hardware: Unspecified
OS: Unspecified
urgent
high
Target Milestone: rc
: ---
Assignee: Steve Dickson
QA Contact: JianHong Yin
URL:
Whiteboard:
: 1127166 (view as bug list)
Depends On: 1043558
Blocks: 1127166
 
Reported: 2014-06-09 07:17 UTC by Jan Kurik
Modified: 2018-12-09 17:57 UTC (History)

Fixed In Version: nfs-utils-lib-1.1.5-6.el6_5
Doc Type: Bug Fix
Doc Text:
Previously, when the chown utility was used on an NFSv4 mount, chown did not adhere to the no_root_squash option and thus could not change the user and group ownership of the given files. The libnfsidmap library, which helps map IDs mainly for NFSv4, has been patched, and chown now handles user and group ownership as expected.
Clone Of: 1043558
: 1127166 (view as bug list)
Environment:
Last Closed: 2014-08-04 08:14:07 UTC


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2014:0996 normal SHIPPED_LIVE nfs-utils-lib bug fix update 2014-08-04 12:13:40 UTC
Red Hat Knowledge Base (Solution) 514303 None None None Never

Description Jan Kurik 2014-06-09 07:17:30 UTC
This bug has been copied from bug #1043558 and has been proposed
to be backported to 6.5 z-stream (EUS).

Comment 8 JianHong Yin 2014-07-21 02:35:42 UTC
Verifying:
J:699295 	RHBA-2014:18250-04-nfs-utils(1)-M.1.1-:/Multihost/idmapping@RHEL-6.5@2014-07-21_09:29:04..--install=nfs-utils-lib-1.1.5-6.el6_5 -

Comment 10 errata-xmlrpc 2014-08-04 08:14:07 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-0996.html

Comment 11 Kapetanakis Giannis 2014-08-05 10:28:05 UTC
After upgrading to nfs-utils-lib-1.1.5-6.el6_5
nfs mounts do not work anymore.

export on server is done with: (rw,sync,root_squash)
mount on client is done with autofs 
-fstype=nfs,nosuid,nodev,soft,bg,nfsvers=3

I get this in syslog:
Aug  5 12:50:14 client nfsidmap[1351]: nss_getpwnam: name 'root@example.com' does not map into domain 'sub.example.com'

Downgrading to nfs-utils-lib-1.1.5-6.el6.x86_64 fixed the problem.

regards,

Giannis

Comment 12 jas 2014-08-05 13:39:51 UTC
Steve,

Unfortunately, I don't think this fix resolves the problem.

I've installed the updated nfs-utils-lib-1.1.5-6.el6_5

# rpm -q -a | grep nfs-utils-lib
nfs-utils-lib-1.1.5-6.el6_5.x86_64

I'm also running the latest kernel 2.6.32-431.23.3.el6.

On client NFSv4 share is mounted like this: hard,intr,bg,tcp,acl
On server it is exported to this client like this: rw,sync,no_root_squash

On client, after mounting filesystem:
# touch newfile
newfile shows as owned by "root".
# chown root:root newfile
# ls -al newfile
-rw------- 1 nobody nobody 0 Aug  5 09:34 newfile

Syslog: Aug  5 09:25:12 elf elf nfsidmap[5076]: nss_getpwnam: name 'nobody' does not map into domain 'cs.yorku.ca'
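
The nfsidmap syslog lines quoted in comments 11 and 12 differ in one respect: one name carries a domain that does not equal the client's idmap domain, while the other arrives with no @domain part at all. The script below is an added example, not part of this bug report or of nfs-utils-lib; it classifies such lines so the two cases can be told apart across a whole log. The function names and the third sample line are constructed for illustration.

```python
import re

# Message format as quoted in comments 11 and 12 of this bug report.
NFSIDMAP_RE = re.compile(
    r"nfsidmap\[\d+\]: nss_getpwnam: name '(?P<name>[^']*)' "
    r"does not map into domain '(?P<local>[^']*)'"
)

def classify(line):
    """Return a dict describing one nfsidmap mapping failure, or None."""
    m = NFSIDMAP_RE.search(line)
    if m is None:
        return None
    name, local = m.group("name"), m.group("local").lower()
    user, sep, sent = name.rpartition("@")
    if not sep:
        # Name arrived without an @domain part (the comment 12 case).
        return {"kind": "no-domain", "user": name, "sent": None, "local": local}
    sent = sent.lower()
    if sent == local:
        kind = "same-domain"
    elif local.endswith("." + sent):
        kind = "local-is-subdomain"   # the comment 11 case
    elif sent.endswith("." + local):
        kind = "sent-is-subdomain"
    else:
        kind = "unrelated-domains"
    return {"kind": kind, "user": user, "sent": sent, "local": local}

def summarize(lines):
    """Count failures per (kind, sent domain, local domain)."""
    counts = {}
    for line in lines:
        hit = classify(line)
        if hit:
            key = (hit["kind"], hit["sent"], hit["local"])
            counts[key] = counts.get(key, 0) + 1
    return counts

# The first two lines are the syslog entries quoted in this bug; the third is constructed.
SAMPLE = [
    "Aug  5 12:50:14 client nfsidmap[1351]: nss_getpwnam: name 'root@example.com' does not map into domain 'sub.example.com'",
    "Aug  5 09:25:12 elf elf nfsidmap[5076]: nss_getpwnam: name 'nobody' does not map into domain 'cs.yorku.ca'",
    "Aug  5 09:25:13 elf sshd[5100]: Accepted publickey for qa from 192.0.2.10",
]

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items(), key=str):
        print(n, *key)
```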

Comment 13 JianHong Yin 2014-08-06 08:05:09 UTC
(In reply to jas from comment #12)
> Steve,
> 
> Unfortunately, I don't think this fix resolves the problem.
> 
> I've installed the updated nfs-utils-lib-1.1.5-6.el6_5
> 
> # rpm -q -a | grep nfs-utils-lib
> nfs-utils-lib-1.1.5-6.el6_5.x86_64
> 
> I'm also running the latest kernel 2.6.32-431.23.3.el6.
> 
> On client NFSv4 share is mounted like this: hard,intr,bg,tcp,acl
> On server it is exported to this client like this: rw,sync,no_root_squash
> 
> On client, after mounting filesystem:
> # touch newfile
> newfile shows as owned by "root".
> # chown root:root newfile
> # ls -al newfile
> -rw------- 1 nobody nobody 0 Aug  5 09:34 newfile
> 
> Syslog: Aug  5 09:25:12 elf elf nfsidmap[5076]: nss_getpwnam: name 'nobody'
> does not map into domain 'cs.yorku.ca'

works for me:

[01:56:24 root@ ~~]# chown qa:qa $mnt/file3
:: [   PASS   ] :: Test root chown return code correct. (Expected 0, got 0)
--------------------------------------------------------------------------------
[01:56:24 root@ ~~]# ls -l $mnt/file3
-rw-r--r--. 1 qa qa 0 Aug  6 01:56 /nfs-mount/file3
--------------------------------------------------------------------------------
[01:56:24 root@ ~~]# /usr/bin/test  $(stat --format=%U.%G $mnt/file3) = "qa.qa"
:: [   PASS   ] :: Test chown result correct(qa.qa) (Expected 0, got 0)
--------------------------------------------------------------------------------
[01:56:25 root@ ~~]# chown root:root $mnt/file3
:: [   PASS   ] :: Test root chown return code correct. (Expected 0, got 0)
--------------------------------------------------------------------------------
[01:56:25 root@ ~~]# ls -l $mnt/file3
-rw-r--r--. 1 root root 0 Aug  6 01:56 /nfs-mount/file3
--------------------------------------------------------------------------------
[01:56:25 root@ ~~]# /usr/bin/test  $(stat --format=%U.%G $mnt/file3) = "root.root"
:: [   PASS   ] :: Test chown result correct(root.root) (Expected 0, got 0)
--------------------------------------------------------------------------------
[01:56:25 root@ ~~]# chown qa:qa $mnt/file3
:: [   PASS   ] :: Test root chown return code correct. (Expected 0, got 0)
--------------------------------------------------------------------------------
[01:56:25 root@ ~~]# ls -l $mnt/file3
-rw-r--r--. 1 qa qa 0 Aug  6 01:56 /nfs-mount/file3
--------------------------------------------------------------------------------
[01:56:25 root@ ~~]# /usr/bin/test  $(stat --format=%U.%G $mnt/file3) = "qa.qa"
:: [   PASS   ] :: Test chown result correct(qa.qa) (Expected 0, got 0)


------------------------------------------------
Time & CURDIR : [2014-08-06 01:54:39 @/mnt/tests/CoreOS/nfs-utils/function/idmapping]
Case Name     : /CoreOS/nfs-utils/function/idmapping
$HOSTNAME     : ibm-z10-12.rhts.eng.bos.redhat.com
Distro Info   : RedHatEnterpriseServer 6.5 : RHEL-6.5
NVR & host    : Linux ibm-z10-12.rhts.eng.bos.redhat.com 2.6.32-431.el6.s390x #1 SMP Sun Nov 10 22:21:52 EST 2013 s390x s390x s390x GNU/Linux
cmdline       :
	root=/dev/mapper/vg_ibmz1012-lv_root rd_DASD=0.0.2197 rd_NO_LUKS rd_DASD=0.0.2097 LANG=en_US.UTF-8 rd_NO_MD  KEYTABLE=us rd_DASD=0.0.2297 rd_DASD=0.0.2397 rd_LVM_LV=vg_ibmz1012/lv_swap  rd_LVM_LV=vg_ibmz1012/lv_root SYSFONT=latarcyrheb-sun16 rd_NO_DM BOOT_IMAGE=0
Package Info  :
	libtirpc-0.2.1-6.el6_4.s390x
	nfs-utils-1.2.3-39.el6.s390x
------------------------------------------------
nfs-utils-lib exists on the system and is not kernel..  Upgrading
Retrieving http://porkchop.redhat.com/brewroot/packages/nfs-utils-lib/1.1.5/6.el6_5/s390x/nfs-utils-lib-1.1.5-6.el6_5.s390x.rpm
Preparing...                ##################################################
nfs-utils-lib               ##################################################

Comment 14 JianHong Yin 2014-08-06 09:42:25 UTC
Got it. If the default value of nfs4_disable_idmapping is used, the test fails;
reopen it.

Comment 15 JianHong Yin 2014-08-06 10:14:21 UTC
*** Bug 1127166 has been marked as a duplicate of this bug. ***

Comment 16 JianHong Yin 2014-08-06 10:16:27 UTC
How to reopen this bug?

Comment 17 Lukas Herbolt 2014-08-12 12:08:10 UTC
(In reply to Yin.JianHong from comment #16)
> how to reopen this bug?

Can you describe which test fails, to test it with CU?

Comment 18 JianHong Yin 2014-08-13 00:34:09 UTC
(In reply to Lukas Herbolt from comment #17)
> (In reply to Yin.JianHong from comment #16)
> > how to reopen this bug?
> 
> Can you describe which test fail to test it with CU.

chown to qa:qa returns success, but ls -l got nobody.nobody

If the default config (disable idmapping) is used, is this the expected result?

test log:
-----------------
[14:31:46 root@ ~~]# chown qa:qa $mnt/file3
:: [   PASS   ] :: Test root chown return code correct. (Expected 0, got 0)
--------------------------------------------------------------------------------
[14:31:46 root@ ~~]# ls -l $mnt/file3
-rw-r--r--. 1 nobody nobody 0 Aug  7 14:31 /nfs-mount/file3
:: [   PASS   ] :: Running 'ls -l $mnt/file3' (Expected 0, got 0)
--------------------------------------------------------------------------------
[14:31:46 root@ ~~]# /usr/bin/test  $(stat --format=%U.%G $mnt/file3) = "qa.qa"
:: [   FAIL   ] :: Test chown result correct(qa.qa) (Expected 0, got 1)

