1202700 – mount.nfs permission denied on IPv6 address with mount option "user" in configure file "/etc/fstab"

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1202700 - mount.nfs permission denied on IPv6 address with mount option "user" in configure file "/etc/fstab"

Summary: mount.nfs permission denied on IPv6 address with mount option "user" in confi...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	nfs-utils
Sub Component:
Version:	6.6
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Steve Dickson
QA Contact:	Yongcheng Yang
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-03-17 09:09 UTC by Yongcheng Yang
Modified:	2015-07-22 06:50 UTC (History)
CC List:	3 users (show)
Fixed In Version:	nfs-utils-1.2.3-64.el6
Doc Type:	Bug Fix
Doc Text:	Not needed a customer was never affected by the issue
Clone Of:
Environment:
Last Closed:	2015-07-22 06:50:19 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
Patch that fixes the problem (563 bytes, patch) 2015-04-29 13:18 UTC, Steve Dickson	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2015:1342	0	normal	SHIPPED_LIVE	nfs-utils bug fix and enhancement update	2015-07-20 17:54:08 UTC

Description Yongcheng Yang 2015-03-17 09:09:39 UTC

Description of problem:
Edit /etc/fstab using the local IPv6 address with option "user" such as "[2620:52:0:4257:204:23ff:fec4:7c52]:/export /mnt/mnt_test nfs user", can't mount from a normal user, but it success with ipv4 address.

Version-Release number of selected component (if applicable):
RHEL-6.7-20150304 with nfs-utils-1.2.3-58.el6

How reproducible:
100%

Steps to Reproduce:
1. mkdir /export /mnt/mnt_test && echo "/export *(rw)" > /etc/exports && service nfs restart
2. useradd test
3. echo "[your_local_ipv6_address]:/export /mnt/mnt_test nfs user" >> /etc/fstab
4. su test --session-command="mount /mnt/mnt_test"

Actual results:
[root@intel-s3e3144-02 ~]# showmount -e
Export list for intel-s3e3144-02.rhts.eng.nay.redhat.com:
/export *
[root@intel-s3e3144-02 ~]# id test
uid=500(test) gid=500(test) groups=500(test)
[root@intel-s3e3144-02 ~]# 
[root@intel-s3e3144-02 ~]# tail -1 /etc/fstab
[2620:52:0:4257:204:23ff:fec4:7c52]:/export /mnt/mnt_test nfs user
[root@intel-s3e3144-02 ~]# su test --session-command="mount /mnt/mnt_test"
mount.nfs: permission denied: no match for /mnt/mnt_test found in /etc/fstab
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ failed as "permission denied"
[root@intel-s3e3144-02 ~]# echo $?
1
[root@intel-s3e3144-02 ~]# nfsstat -m
[root@intel-s3e3144-02 ~]# 
################################################
Then test with ipv6 root
################################################
[root@intel-s3e3144-02 ~]# tail -1 /etc/fstab
[2620:52:0:4257:204:23ff:fec4:7c52]:/export /mnt/mnt_test nfs user
[root@intel-s3e3144-02 ~]# mount /mnt/mnt_test
[root@intel-s3e3144-02 ~]# echo $?
0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ success
[root@intel-s3e3144-02 ~]# nfsstat -m
/mnt/mnt_test from [2620:52:0:4257:204:23ff:fec4:7c52]:/export/
 Flags:	rw,nosuid,nodev,noexec,relatime,vers=4,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp6,port=0,timeo=600,retrans=2,sec=sys,clientaddr=2620:52:0:4257:204:23ff:fec4:7c52,minorversion=0,local_lock=none,addr=2620:52:0:4257:204:23ff:fec4:7c52

[root@intel-s3e3144-02 ~]# umount /mnt/mnt_test/
[root@intel-s3e3144-02 ~]# 
################################################
Then test with ipv4 address
################################################
[root@intel-s3e3144-02 ~]# tail -1 /etc/fstab
10.66.86.31:/export /mnt/mnt_test nfs user
[root@intel-s3e3144-02 ~]# su test --session-command="mount /mnt/mnt_test"
[root@intel-s3e3144-02 ~]# echo $?
0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ success
[root@intel-s3e3144-02 ~]# nfsstat -m
/mnt/mnt_test from 10.66.86.31:/export/
 Flags:	rw,relatime,vers=4,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=10.66.86.31,minorversion=0,local_lock=none,addr=10.66.86.31

[root@intel-s3e3144-02 ~]# umount /mnt/mnt_test/
[root@intel-s3e3144-02 ~]# 


Expected results:
Should llow a user to mount using "user" option in /etc/fstab in both ipv4/ipv6

Additional info:
N/A

Comment 2 Steve Dickson 2015-03-18 16:30:34 UTC

This is more of a bug in the mount or fstab man pages because only
only root can do NFS mounts. For non-root mount autofs should be used.

Comment 3 Yongcheng Yang 2015-03-19 04:22:24 UTC

The same option can work with IPv4 address as Description said, maybe they should be consistency:
Not allow non-root mount by fstab, or allow non-root mount for both IPv4 and IPv6

Comment 4 Steve Dickson 2015-04-28 15:50:42 UTC

(In reply to Yongcheng Yang from comment #3)
> The same option can work with IPv4 address as Description said, maybe they
> should be consistency:
> Not allow non-root mount by fstab, or allow non-root mount for both IPv4 and
> IPv6

So you are saying non-root IPv4 NFS mounts work from the /etc/fstab? 
That is very hard to believe.

Comment 5 Yongcheng Yang 2015-04-29 09:39:49 UTC

(In reply to Steve Dickson from comment #4)
> (In reply to Yongcheng Yang from comment #3)
> > The same option can work with IPv4 address as Description said, maybe they
> > should be consistency:
> > Not allow non-root mount by fstab, or allow non-root mount for both IPv4 and
> > IPv6
> 
> So you are saying non-root IPv4 NFS mounts work from the /etc/fstab? 
> That is very hard to believe.

Test it against RHEL-7, seems that both IPv4 and IPv6 can works.
But in RHEL-6, only IPv4 can works.

################################################
RHEL7 non-root with IPv4 from /etc/fstab
################################################
[root@ibm-x3550m3-06 ~]# exportfs -v
/export_test  	<world>(rw,wdelay,root_squash,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
[root@ibm-x3550m3-06 ~]# tail /etc/fstab -n 1
127.0.0.1:/export_test /mnt/mnt_test nfs user
[root@ibm-x3550m3-06 ~]# su test --session-command="mount /mnt/mnt_test"
[root@ibm-x3550m3-06 ~]# echo $?
0 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< success
[root@ibm-x3550m3-06 ~]# nfsstat -m
/mnt/mnt_test from 127.0.0.1:/export_test
 Flags:	rw,nosuid,nodev,noexec,relatime,vers=4.0,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=127.0.0.1,local_lock=none,addr=127.0.0.1

[root@ibm-x3550m3-06 ~]# lsb_release -d
Description:	Red Hat Enterprise Linux Server release 7.1 (Maipo)
[root@ibm-x3550m3-06 ~]# 


################################################
RHEL7 non-root with IPv6 from /etc/fstab
################################################
[root@ibm-x3550m3-06 ~]# tail /etc/fstab -n 1
[::1]:/export_test /mnt/mnt_test nfs user
[root@ibm-x3550m3-06 ~]# su test --session-command="mount /mnt/mnt_test"
[root@ibm-x3550m3-06 ~]# echo $?
0 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< success
[root@ibm-x3550m3-06 ~]# nfsstat -m
/mnt/mnt_test from [::1]:/export_test
 Flags:	rw,nosuid,nodev,noexec,relatime,vers=4.0,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp6,port=0,timeo=600,retrans=2,sec=sys,clientaddr=::1,local_lock=none,addr=::1

[root@ibm-x3550m3-06 ~]# lsb_release -d
Description:	Red Hat Enterprise Linux Server release 7.1 (Maipo)
[root@ibm-x3550m3-06 ~]# 


################################################
RHEL6 non-root with IPv4 from /etc/fstab
################################################
[root@intel-s3e3144-02 ~]# tail /etc/fstab -n 1
127.0.0.1:/export_test /mnt/mnt_test nfs user
[root@intel-s3e3144-02 ~]# su test --session-command="mount /mnt/mnt_test"
[root@intel-s3e3144-02 ~]# echo $?
0 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< success
[root@intel-s3e3144-02 ~]# nfsstat -m
/mnt/mnt_test from 127.0.0.1:/export_test/
 Flags:	rw,relatime,vers=4,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=127.0.0.1,minorversion=0,local_lock=none,addr=127.0.0.1

[root@intel-s3e3144-02 ~]# lsb_release -d
Description:	Red Hat Enterprise Linux Server release 6.7 Beta (Santiago)
[root@intel-s3e3144-02 ~]# 


################################################
RHEL6 non-root with IPv6 from /etc/fstab
################################################
[root@intel-s3e3144-02 ~]# tail /etc/fstab -n 1
[::1]:/export_test /mnt/mnt_test nfs user
[root@intel-s3e3144-02 ~]# su test --session-command="mount /mnt/mnt_test"
mount.nfs: permission denied: no match for /mnt/mnt_test found in /etc/fstab
[root@intel-s3e3144-02 ~]# echo $?
1
[root@intel-s3e3144-02 ~]# nfsstat -m
[root@intel-s3e3144-02 ~]# lsb_release -d
Description:	Red Hat Enterprise Linux Server release 6.7 Beta (Santiago)
[root@intel-s3e3144-02 ~]#

Comment 6 Steve Dickson 2015-04-29 13:18:23 UTC

Created attachment 1020153 [details]
Patch that fixes the problem

Comment 11 Yongcheng Yang 2015-05-23 01:20:14 UTC

Verified with nfs-utils-1.2.3-64.el6 on both x86_64 and ppc64

############################################################
Beaker jobs:
https://beaker.engineering.redhat.com/jobs/963161
https://beaker.engineering.redhat.com/jobs/963390

Detailed logs:
For ppc64:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: do--Test-user-rhel6bz1202700
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

[18:58:34 root@ ~~]# echo ${MNT_ITEM} >> /etc/fstab && tail /etc/fstab -n 1
[2620:52:0:4257:f476:e5ff:fee5:d403]:/exportdir-nfs-mount-options-common /mnt/nfs-mount-options-common nfs user

MARK-LWD-LOOP -- 2015-05-22 18:58:34 --
:: [   PASS   ] :: Running 'echo ${MNT_ITEM} >> /etc/fstab && tail /etc/fstab -n 1' (Expected 0, got 0)
--------------------------------------------------------------------------------
[18:58:35 root@ ~~]# su test --session-command="mount $nfsmp"
:: [   PASS   ] :: Running 'su test --session-command="mount $nfsmp"' (Expected 0, got 0)
--------------------------------------------------------------------------------
[18:58:36 root@ ~~]# mount | grep ${TESTNAME}
[2620:52:0:4257:f476:e5ff:fee5:d403]:/exportdir-nfs-mount-options-common on /mnt/nfs-mount-options-common type nfs (rw,user=test,vers=4,addr=2620:52:0:4257:f476:e5ff:fee5:d403,clientaddr=2620:52:0:4257:f476:e5ff:fee5:d403)
:: [   PASS   ] :: Running 'mount | grep ${TESTNAME}' (Expected 0, got 0)
--------------------------------------------------------------------------------
[18:58:36 root@ ~~]# mountpoint $nfsmp && umount $nfsmp
/mnt/nfs-mount-options-common is a mountpoint
:: [   PASS   ] :: Running 'mountpoint $nfsmp && umount $nfsmp' (Expected 0, got 0)
--------------------------------------------------------------------------------

For x86_64:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: do--Test-user-rhel6bz1202700
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

[08:38:12 root@ ~~]# echo ${MNT_ITEM} >> /etc/fstab && tail /etc/fstab -n 1
[2620:52:0:13b0:2e27:d7ff:fe19:fbbf]:/exportdir-nfs-mount-options-common /mnt/nfs-mount-options-common nfs user
:: [   PASS   ] :: Running 'echo ${MNT_ITEM} >> /etc/fstab && tail /etc/fstab -n 1' (Expected 0, got 0)
--------------------------------------------------------------------------------
[08:38:12 root@ ~~]# su test --session-command="mount $nfsmp"
:: [   PASS   ] :: Running 'su test --session-command="mount $nfsmp"' (Expected 0, got 0)
--------------------------------------------------------------------------------
[08:38:13 root@ ~~]# mount | grep ${TESTNAME}
[2620:52:0:13b0:2e27:d7ff:fe19:fbbf]:/exportdir-nfs-mount-options-common on /mnt/nfs-mount-options-common type nfs (rw,user=test,vers=4,addr=2620:52:0:13b0:2e27:d7ff:fe19:fbbf,clientaddr=2620:52:0:13b0:2e27:d7ff:fe19:fbbf)
:: [   PASS   ] :: Running 'mount | grep ${TESTNAME}' (Expected 0, got 0)
--------------------------------------------------------------------------------
[08:38:13 root@ ~~]# mountpoint $nfsmp && umount $nfsmp
/mnt/nfs-mount-options-common is a mountpoint
:: [   PASS   ] :: Running 'mountpoint $nfsmp && umount $nfsmp' (Expected 0, got 0)
--------------------------------------------------------------------------------

############################################################
Move to VERIFIED

Comment 13 errata-xmlrpc 2015-07-22 06:50:19 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1342.html

Note You need to log in before you can comment on or make changes to this bug.