Red Hat Bugzilla – Bug 494585
libwrap - Nor ip, nor hostname work,, only when used ALL expression in hosts.deny access is denied
Last modified: 2009-05-20 08:41:15 EDT
There is problem with tcp_wrappers
Both IP adress and hostname is not work properly.
Only when ALL is used, it works
when used in hosts.deny
everything work as expected
when used (where ip is ip adress of client (where runned mount command)
then nfs export is mounted (shouldn't be)
access denied by tcp_wrappers
copied from bz 493631
Description of problem:
I tested support by tcp wrappers,
And it seems to be okay, until used mount locally,
in hosts.deny is
hosts.allow is empty
# mount ppcp-4as-v1.lab.bos.redhat.com:/tmp /mnt
When I tried it from another machine, everting was ok, (RPC Error:
But when I used same command on computer where nfs running, mount is succesful
(but shouldn't be)
I'm not sure if it is caused by DNS hostnames (because there is ALL in
hosts.deny) But I think, this bug shoud be fixed (not all host lookup).
In case of question, please ping me on irc #qa #urt #devel
(In reply to comment #0)
> when used (where ip is ip adress of client (where runned mount command)
> mountd: 10.16.40.140
> statd: 10.16.40.140
This should be a consequence of incorrect use of tcp_wrapper by nfs-utils. See bug #458676 for details, there should be similar case mentioned in comment 11.
> But when I used same command on computer where nfs running, mount is succesful
> (but shouldn't be)
As noted in https://bugzilla.redhat.com/show_bug.cgi?id=493631#c10 , all local access is permitted by nfs-utils regardless of tcp_wrappers configuration. This seems to be a design decision, that we may not want to change.
It can be, but dont know.
Now I tested various configuration.
When I used
connection was refused
when I add
As expected I can connect nfs export.
This look like, the problem is only when hosts.deny is used
(In reply to comment #3)
> when I add
> into hosts.access
> As expected I can connect nfs export.
> This look like, the problem is only when hosts.deny is used
See https://bugzilla.redhat.com/show_bug.cgi?id=458676#c11 for the explanation.
Strange behaviour :-)
With Respect to Comment #3, using the -93 nfs-utils package, both
hostnames and IPaddress now do indeed work in the hosts.deny files.
At least thats what my testing showed..
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.