Red Hat Bugzilla – Bug 595420
mounting subdirectory of non-root user account fails
Last modified: 2012-07-02 18:27:52 EDT
Description of problem: Use case 1: Server: # cat /etc/exports /home/kparal/devel 192.168.1.0/24(rw,no_root_squash) Client: # mount.nfs 192.168.1.1:/home/kparal/devel /mnt -v mount.nfs: timeout set for Mon May 24 16:46:36 2010 mount.nfs: trying text-based options 'vers=4,addr=192.168.1.1,clientaddr=192.168.1.2' mount.nfs: mount(2): Permission denied mount.nfs: access denied by server while mounting 192.168.1.1:/home/kparal/devel # mount.nfs 192.168.1.1:/home/kparal /mnt -v mount.nfs: timeout set for Mon May 24 17:09:51 2010 mount.nfs: trying text-based options 'vers=4,addr=192.168.1.1,clientaddr=192.168.1.2' 192.168.1.1:/home/kparal on /mnt type nfs # ll -d /mnt/ drwx------. 94 kparal kparal 4096 May 24 12:43 /mnt/ # ll /mnt ls: cannot open directory /mnt: Permission denied # (ignores no_root_squash option) Use case 2: Server: # cat /etc/exports /home/kparal 192.168.1.0/24(rw,no_root_squash) Client: everything works perfect Simply, for non-root owned directories, only the top-level directory can be exported. If you export a subdirectory, presented problems occur. Version-Release number of selected component (if applicable): Server: 2.6.33.4-95.fc13.x86_64 nfs-utils-1.2.2-2.fc13.x86_64 Client: 2.6.33.4-95.fc13.x86_64 nfs-utils-1.2.2-2.fc13.x86_64 How reproducible: Always for my machines. Also reproduced by steved @ #fedora-devel. Steps to Reproduce: 1. Share a subdirectory of non-root owned directory. 2. Try to mount it from a client. 3. Access denied by server.
Your home directory '/home/kparal/' has a permission mode of 0700 (owner only), correct?
It appears the no_root_squash export option is broken on v4 mounts..
(In reply to comment #1) > Your home directory '/home/kparal/' has a permission > mode of 0700 (owner only), correct? Correct.
I have completely the same problem on Fedora 16. It has appeared again. nfs-utils-1.2.5-3.fc16.x86_64
The problem also appears with: /home/kparal/devel/ 192.168.1.0/24(rw,all_squash,anonuid=500,anongid=500) Steve, could you please have a look at that?
The proposed upstream patch Author: Steve Dickson <steved@redhat.com> Date: Tue May 29 08:57:04 2012 -0400 Honor the no_root_squash flag on pseudo roots. If root squashing is turned off on a export that has multiple directories, the parent directories of the pseudo exports that's built, also needs to have root squashing turned off. Signed-off-by: Steve Dickson <steved@redhat.com> diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c index 708eb61..ad8a3e7 100644 --- a/utils/mountd/v4root.c +++ b/utils/mountd/v4root.c @@ -92,7 +92,14 @@ v4root_create(char *path, nfs_export *export) exp = export_create(&eep, 0); if (exp == NULL) return NULL; - xlog(D_CALL, "v4root_create: path '%s'", exp->m_export.e_path); + /* + * Honor the no_root_squash flag + */ + if ((curexp->e_flags & NFSEXP_ROOTSQUASH) == 0) + exp->m_export.e_flags &= ~NFSEXP_ROOTSQUASH; + xlog(D_CALL, "v4root_create: path '%s' flags 0x%x", + exp->m_export.e_path, exp->m_export.e_flags); + return &exp->m_export; }
The koji build: http://koji.fedoraproject.org/koji/taskinfo?taskID=4112989
nfs-utils-1.2.5-8.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/nfs-utils-1.2.5-8.fc16
This fixes the problem only partially. Now works: /home/kparal/devel 192.168.1.0/24(rw,no_root_squash) Still doesn't work: /home/kparal/devel 192.168.1.0/24(rw,all_squash,anonuid=500,anongid=500)
(In reply to comment #9) > This fixes the problem only partially. > > Now works: > /home/kparal/devel 192.168.1.0/24(rw,no_root_squash) > > Still doesn't work: > /home/kparal/devel 192.168.1.0/24(rw,all_squash,anonuid=500,anongid=500) Ok... Lets open up another bz about anonuid/anongid not working so we can move the no_root_squash fix along... OK?
Okey dokey. Opened bug 826505.
Package nfs-utils-1.2.5-8.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing nfs-utils-1.2.5-8.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-9466/nfs-utils-1.2.5-8.fc16 then log in and leave karma (feedback).
nfs-utils-1.2.5-8.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.