Bug 1202700 - mount.nfs permission denied on IPv6 address with mount option "user" in configure file "/etc/fstab"
Summary: mount.nfs permission denied on IPv6 address with mount option "user" in confi...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: nfs-utils
Version: 6.6
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Steve Dickson
QA Contact: Yongcheng Yang
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-03-17 09:09 UTC by Yongcheng Yang
Modified: 2015-07-22 06:50 UTC (History)
3 users (show)

Fixed In Version: nfs-utils-1.2.3-64.el6
Doc Type: Bug Fix
Doc Text:
Not needed a customer was never affected by the issue
Clone Of:
Environment:
Last Closed: 2015-07-22 06:50:19 UTC
Target Upstream Version:

Attachments (Terms of Use)
Patch that fixes the problem (563 bytes, patch)
2015-04-29 13:18 UTC, Steve Dickson 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:1342 0 normal SHIPPED_LIVE nfs-utils bug fix and enhancement update 2015-07-20 17:54:08 UTC

Description Yongcheng Yang 2015-03-17 09:09:39 UTC 
Description of problem:
Edit /etc/fstab using the local IPv6 address with option "user" such as "[2620:52:0:4257:204:23ff:fec4:7c52]:/export /mnt/mnt_test nfs user", can't mount from a normal user, but it success with ipv4 address.

Version-Release number of selected component (if applicable):
RHEL-6.7-20150304 with nfs-utils-1.2.3-58.el6

How reproducible:
100%

Steps to Reproduce:
1. mkdir /export /mnt/mnt_test && echo "/export *(rw)" > /etc/exports && service nfs restart
2. useradd test
3. echo "[your_local_ipv6_address]:/export /mnt/mnt_test nfs user" >> /etc/fstab
4. su test --session-command="mount /mnt/mnt_test"

Actual results:
[root@intel-s3e3144-02 ~]# showmount -e
Export list for intel-s3e3144-02.rhts.eng.nay.redhat.com:
/export *
[root@intel-s3e3144-02 ~]# id test
uid=500(test) gid=500(test) groups=500(test)
[root@intel-s3e3144-02 ~]# 
[root@intel-s3e3144-02 ~]# tail -1 /etc/fstab
[2620:52:0:4257:204:23ff:fec4:7c52]:/export /mnt/mnt_test nfs user
[root@intel-s3e3144-02 ~]# su test --session-command="mount /mnt/mnt_test"
mount.nfs: permission denied: no match for /mnt/mnt_test found in /etc/fstab
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ failed as "permission denied"
[root@intel-s3e3144-02 ~]# echo $?
1
[root@intel-s3e3144-02 ~]# nfsstat -m
[root@intel-s3e3144-02 ~]# 
################################################
Then test with ipv6 root
################################################
[root@intel-s3e3144-02 ~]# tail -1 /etc/fstab
[2620:52:0:4257:204:23ff:fec4:7c52]:/export /mnt/mnt_test nfs user
[root@intel-s3e3144-02 ~]# mount /mnt/mnt_test
[root@intel-s3e3144-02 ~]# echo $?
0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ success
[root@intel-s3e3144-02 ~]# nfsstat -m
/mnt/mnt_test from [2620:52:0:4257:204:23ff:fec4:7c52]:/export/
 Flags:	rw,nosuid,nodev,noexec,relatime,vers=4,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp6,port=0,timeo=600,retrans=2,sec=sys,clientaddr=2620:52:0:4257:204:23ff:fec4:7c52,minorversion=0,local_lock=none,addr=2620:52:0:4257:204:23ff:fec4:7c52

[root@intel-s3e3144-02 ~]# umount /mnt/mnt_test/
[root@intel-s3e3144-02 ~]# 
################################################
Then test with ipv4 address
################################################
[root@intel-s3e3144-02 ~]# tail -1 /etc/fstab
10.66.86.31:/export /mnt/mnt_test nfs user
[root@intel-s3e3144-02 ~]# su test --session-command="mount /mnt/mnt_test"
[root@intel-s3e3144-02 ~]# echo $?
0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ success
[root@intel-s3e3144-02 ~]# nfsstat -m
/mnt/mnt_test from 10.66.86.31:/export/
 Flags:	rw,relatime,vers=4,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=10.66.86.31,minorversion=0,local_lock=none,addr=10.66.86.31

[root@intel-s3e3144-02 ~]# umount /mnt/mnt_test/
[root@intel-s3e3144-02 ~]# 


Expected results:
Should llow a user to mount using "user" option in /etc/fstab in both ipv4/ipv6

Additional info:
N/A
Comment 2 Steve Dickson 2015-03-18 16:30:34 UTC 
This is more of a bug in the mount or fstab man pages because only
only root can do NFS mounts. For non-root mount autofs should be used.
Comment 3 Yongcheng Yang 2015-03-19 04:22:24 UTC 
The same option can work with IPv4 address as Description said, maybe they should be consistency:
Not allow non-root mount by fstab, or allow non-root mount for both IPv4 and IPv6
Comment 4 Steve Dickson 2015-04-28 15:50:42 UTC 
(In reply to Yongcheng Yang from comment #3)
> The same option can work with IPv4 address as Description said, maybe they
> should be consistency:
> Not allow non-root mount by fstab, or allow non-root mount for both IPv4 and
> IPv6

So you are saying non-root IPv4 NFS mounts work from the /etc/fstab? 
That is very hard to believe.
Comment 5 Yongcheng Yang 2015-04-29 09:39:49 UTC 
(In reply to Steve Dickson from comment #4)
> (In reply to Yongcheng Yang from comment #3)
> > The same option can work with IPv4 address as Description said, maybe they
> > should be consistency:
> > Not allow non-root mount by fstab, or allow non-root mount for both IPv4 and
> > IPv6
> 
> So you are saying non-root IPv4 NFS mounts work from the /etc/fstab? 
> That is very hard to believe.

Test it against RHEL-7, seems that both IPv4 and IPv6 can works.
But in RHEL-6, only IPv4 can works.

################################################
RHEL7 non-root with IPv4 from /etc/fstab
################################################
[root@ibm-x3550m3-06 ~]# exportfs -v
/export_test  	<world>(rw,wdelay,root_squash,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
[root@ibm-x3550m3-06 ~]# tail /etc/fstab -n 1
127.0.0.1:/export_test /mnt/mnt_test nfs user
[root@ibm-x3550m3-06 ~]# su test --session-command="mount /mnt/mnt_test"
[root@ibm-x3550m3-06 ~]# echo $?
0 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< success
[root@ibm-x3550m3-06 ~]# nfsstat -m
/mnt/mnt_test from 127.0.0.1:/export_test
 Flags:	rw,nosuid,nodev,noexec,relatime,vers=4.0,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=127.0.0.1,local_lock=none,addr=127.0.0.1

[root@ibm-x3550m3-06 ~]# lsb_release -d
Description:	Red Hat Enterprise Linux Server release 7.1 (Maipo)
[root@ibm-x3550m3-06 ~]# 


################################################
RHEL7 non-root with IPv6 from /etc/fstab
################################################
[root@ibm-x3550m3-06 ~]# tail /etc/fstab -n 1
[::1]:/export_test /mnt/mnt_test nfs user
[root@ibm-x3550m3-06 ~]# su test --session-command="mount /mnt/mnt_test"
[root@ibm-x3550m3-06 ~]# echo $?
0 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< success
[root@ibm-x3550m3-06 ~]# nfsstat -m
/mnt/mnt_test from [::1]:/export_test
 Flags:	rw,nosuid,nodev,noexec,relatime,vers=4.0,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp6,port=0,timeo=600,retrans=2,sec=sys,clientaddr=::1,local_lock=none,addr=::1

[root@ibm-x3550m3-06 ~]# lsb_release -d
Description:	Red Hat Enterprise Linux Server release 7.1 (Maipo)
[root@ibm-x3550m3-06 ~]# 


################################################
RHEL6 non-root with IPv4 from /etc/fstab
################################################
[root@intel-s3e3144-02 ~]# tail /etc/fstab -n 1
127.0.0.1:/export_test /mnt/mnt_test nfs user
[root@intel-s3e3144-02 ~]# su test --session-command="mount /mnt/mnt_test"
[root@intel-s3e3144-02 ~]# echo $?
0 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< success
[root@intel-s3e3144-02 ~]# nfsstat -m
/mnt/mnt_test from 127.0.0.1:/export_test/
 Flags:	rw,relatime,vers=4,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=127.0.0.1,minorversion=0,local_lock=none,addr=127.0.0.1

[root@intel-s3e3144-02 ~]# lsb_release -d
Description:	Red Hat Enterprise Linux Server release 6.7 Beta (Santiago)
[root@intel-s3e3144-02 ~]# 


################################################
RHEL6 non-root with IPv6 from /etc/fstab
################################################
[root@intel-s3e3144-02 ~]# tail /etc/fstab -n 1
[::1]:/export_test /mnt/mnt_test nfs user
[root@intel-s3e3144-02 ~]# su test --session-command="mount /mnt/mnt_test"
mount.nfs: permission denied: no match for /mnt/mnt_test found in /etc/fstab
[root@intel-s3e3144-02 ~]# echo $?
1
[root@intel-s3e3144-02 ~]# nfsstat -m
[root@intel-s3e3144-02 ~]# lsb_release -d
Description:	Red Hat Enterprise Linux Server release 6.7 Beta (Santiago)
[root@intel-s3e3144-02 ~]#
Comment 6 Steve Dickson 2015-04-29 13:18:23 UTC 
Created attachment 1020153 [details]
Patch that fixes the problem
Comment 11 Yongcheng Yang 2015-05-23 01:20:14 UTC 
Verified with nfs-utils-1.2.3-64.el6 on both x86_64 and ppc64

############################################################
Beaker jobs:
https://beaker.engineering.redhat.com/jobs/963161
https://beaker.engineering.redhat.com/jobs/963390

Detailed logs:
For ppc64:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: do--Test-user-rhel6bz1202700
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

[18:58:34 root@ ~~]# echo ${MNT_ITEM} >> /etc/fstab && tail /etc/fstab -n 1
[2620:52:0:4257:f476:e5ff:fee5:d403]:/exportdir-nfs-mount-options-common /mnt/nfs-mount-options-common nfs user

MARK-LWD-LOOP -- 2015-05-22 18:58:34 --
:: [   PASS   ] :: Running 'echo ${MNT_ITEM} >> /etc/fstab && tail /etc/fstab -n 1' (Expected 0, got 0)
--------------------------------------------------------------------------------
[18:58:35 root@ ~~]# su test --session-command="mount $nfsmp"
:: [   PASS   ] :: Running 'su test --session-command="mount $nfsmp"' (Expected 0, got 0)
--------------------------------------------------------------------------------
[18:58:36 root@ ~~]# mount | grep ${TESTNAME}
[2620:52:0:4257:f476:e5ff:fee5:d403]:/exportdir-nfs-mount-options-common on /mnt/nfs-mount-options-common type nfs (rw,user=test,vers=4,addr=2620:52:0:4257:f476:e5ff:fee5:d403,clientaddr=2620:52:0:4257:f476:e5ff:fee5:d403)
:: [   PASS   ] :: Running 'mount | grep ${TESTNAME}' (Expected 0, got 0)
--------------------------------------------------------------------------------
[18:58:36 root@ ~~]# mountpoint $nfsmp && umount $nfsmp
/mnt/nfs-mount-options-common is a mountpoint
:: [   PASS   ] :: Running 'mountpoint $nfsmp && umount $nfsmp' (Expected 0, got 0)
--------------------------------------------------------------------------------

For x86_64:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: do--Test-user-rhel6bz1202700
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

[08:38:12 root@ ~~]# echo ${MNT_ITEM} >> /etc/fstab && tail /etc/fstab -n 1
[2620:52:0:13b0:2e27:d7ff:fe19:fbbf]:/exportdir-nfs-mount-options-common /mnt/nfs-mount-options-common nfs user
:: [   PASS   ] :: Running 'echo ${MNT_ITEM} >> /etc/fstab && tail /etc/fstab -n 1' (Expected 0, got 0)
--------------------------------------------------------------------------------
[08:38:12 root@ ~~]# su test --session-command="mount $nfsmp"
:: [   PASS   ] :: Running 'su test --session-command="mount $nfsmp"' (Expected 0, got 0)
--------------------------------------------------------------------------------
[08:38:13 root@ ~~]# mount | grep ${TESTNAME}
[2620:52:0:13b0:2e27:d7ff:fe19:fbbf]:/exportdir-nfs-mount-options-common on /mnt/nfs-mount-options-common type nfs (rw,user=test,vers=4,addr=2620:52:0:13b0:2e27:d7ff:fe19:fbbf,clientaddr=2620:52:0:13b0:2e27:d7ff:fe19:fbbf)
:: [   PASS   ] :: Running 'mount | grep ${TESTNAME}' (Expected 0, got 0)
--------------------------------------------------------------------------------
[08:38:13 root@ ~~]# mountpoint $nfsmp && umount $nfsmp
/mnt/nfs-mount-options-common is a mountpoint
:: [   PASS   ] :: Running 'mountpoint $nfsmp && umount $nfsmp' (Expected 0, got 0)
--------------------------------------------------------------------------------

############################################################
Move to VERIFIED
Comment 13 errata-xmlrpc 2015-07-22 06:50:19 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1342.html
Note You need to log in before you can comment on or make changes to this bug.