Bug 595420 - mounting subdirectory of non-root user account fails
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: nfs-utils
16
All Linux
low Severity medium
Assigned To: Steve Dickson
Fedora Extras Quality Assurance
: Reopened
Blocks: 599198
Reported: 2010-05-24 11:11 EDT by Kamil Páral
Modified: 2012-07-02 18:27 EDT
Doc Type: Bug Fix
Clone Of:
: 599198 (view as bug list)
Last Closed: 2012-07-02 18:27:52 EDT
Description Kamil Páral 2010-05-24 11:11:50 EDT
Description of problem:
Use case 1:
Server:
# cat /etc/exports
/home/kparal/devel     192.168.1.0/24(rw,no_root_squash)

Client:
# mount.nfs 192.168.1.1:/home/kparal/devel /mnt -v
mount.nfs: timeout set for Mon May 24 16:46:36 2010
mount.nfs: trying text-based options 'vers=4,addr=192.168.1.1,clientaddr=192.168.1.2'
mount.nfs: mount(2): Permission denied
mount.nfs: access denied by server while mounting 192.168.1.1:/home/kparal/devel

# mount.nfs 192.168.1.1:/home/kparal /mnt -v
mount.nfs: timeout set for Mon May 24 17:09:51 2010
mount.nfs: trying text-based options 'vers=4,addr=192.168.1.1,clientaddr=192.168.1.2'
192.168.1.1:/home/kparal on /mnt type nfs
# ll -d /mnt/
drwx------. 94 kparal kparal 4096 May 24 12:43 /mnt/
# ll /mnt
ls: cannot open directory /mnt: Permission denied
# (ignores no_root_squash option)

Use case 2:
Server:
# cat /etc/exports
/home/kparal     192.168.1.0/24(rw,no_root_squash)

Client:
Everything works perfectly.

Simply put, for non-root owned directories, only the top-level directory can be exported. If you export a subdirectory, the presented problems occur.

Version-Release number of selected component (if applicable):
Server:
2.6.33.4-95.fc13.x86_64
nfs-utils-1.2.2-2.fc13.x86_64
Client:
2.6.33.4-95.fc13.x86_64
nfs-utils-1.2.2-2.fc13.x86_64

How reproducible:
Always for my machines. Also reproduced by steved @ #fedora-devel.

Steps to Reproduce:
1. Share a subdirectory of non-root owned directory.
2. Try to mount it from a client.
3. Access denied by server.
Comment 1 Steve Dickson 2010-06-02 12:11:31 EDT
Your home directory '/home/kparal/' has a permission 
mode of 0700 (owner only), correct?
Comment 2 Steve Dickson 2010-06-02 16:18:39 EDT
It appears the no_root_squash export option is broken on
v4 mounts.
Comment 3 Kamil Páral 2010-06-03 04:22:37 EDT
(In reply to comment #1)
> Your home directory '/home/kparal/' has a permission 
> mode of 0700 (owner only), correct?    

Correct.
Comment 4 Kamil Páral 2011-11-23 06:53:47 EST
I have completely the same problem on Fedora 16. It has appeared again.

nfs-utils-1.2.5-3.fc16.x86_64
Comment 5 Kamil Páral 2012-04-16 11:11:25 EDT
The problem also appears with:

/home/kparal/devel/     192.168.1.0/24(rw,all_squash,anonuid=500,anongid=500)

Steve, could you please have a look at that?
Comment 6 Steve Dickson 2012-05-29 09:11:57 EDT
The proposed upstream patch

Author: Steve Dickson <steved@redhat.com>
Date:   Tue May 29 08:57:04 2012 -0400

    Honor the no_root_squash flag on pseudo roots.
    
    If root squashing is turned off on an export that
    has multiple directories, the parent directories
    of the pseudo exports that are built also need to
    have root squashing turned off.
    
    Signed-off-by: Steve Dickson <steved@redhat.com>

diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
index 708eb61..ad8a3e7 100644
--- a/utils/mountd/v4root.c
+++ b/utils/mountd/v4root.c
@@ -92,7 +92,14 @@ v4root_create(char *path, nfs_export *export)
        exp = export_create(&eep, 0);
        if (exp == NULL)
                return NULL;
-       xlog(D_CALL, "v4root_create: path '%s'", exp->m_export.e_path);
+       /*
+        * Honor the no_root_squash flag 
+        */
+       if ((curexp->e_flags & NFSEXP_ROOTSQUASH) == 0)
+               exp->m_export.e_flags &= ~NFSEXP_ROOTSQUASH;
+       xlog(D_CALL, "v4root_create: path '%s' flags 0x%x", 
+               exp->m_export.e_path, exp->m_export.e_flags);
+
        return &exp->m_export;
 }
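Review bot: the new check "if ((curexp->e_flags & NFSEXP_ROOTSQUASH) == 0)" carries only the root-squash bit over to the pseudo root, so an export that relies on all_squash with anonuid/anongid gets no matching treatment on its parent directories; either handle those settings here as well or state in the comment that they are deliberately left out. curexp is not declared in the visible context, so confirm it refers to the export passed in as "export" at this point in v4root_create(). Clearing the bit also leaves client root unsquashed on the parent directories that the pseudo root exposes, which the "Honor the no_root_squash flag" comment should spell out along with the reason for doing it. The comment line and the first xlog() line both end in trailing whitespace.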
Comment 7 Steve Dickson 2012-05-29 15:57:52 EDT
The koji build:

http://koji.fedoraproject.org/koji/taskinfo?taskID=4112989
Comment 8 Fedora Update System 2012-05-29 16:11:37 EDT
nfs-utils-1.2.5-8.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/nfs-utils-1.2.5-8.fc16
Comment 9 Kamil Páral 2012-05-30 07:09:54 EDT
This fixes the problem only partially.

Now works:
/home/kparal/devel     192.168.1.0/24(rw,no_root_squash)

Still doesn't work:
/home/kparal/devel     192.168.1.0/24(rw,all_squash,anonuid=500,anongid=500)
Comment 10 Steve Dickson 2012-05-30 07:24:14 EDT
(In reply to comment #9)
> This fixes the problem only partially.
> 
> Now works:
> /home/kparal/devel     192.168.1.0/24(rw,no_root_squash)
> 
> Still doesn't work:
> /home/kparal/devel     192.168.1.0/24(rw,all_squash,anonuid=500,anongid=500)
Ok... Let's open up another bz about anonuid/anongid not working so we can move the no_root_squash fix along... OK?
Comment 11 Kamil Páral 2012-05-30 07:33:29 EDT
Okey dokey. Opened bug 826505.
Comment 12 Fedora Update System 2012-06-15 08:25:53 EDT
Package nfs-utils-1.2.5-8.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing nfs-utils-1.2.5-8.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-9466/nfs-utils-1.2.5-8.fc16
then log in and leave karma (feedback).
Comment 13 Fedora Update System 2012-07-02 18:27:52 EDT
nfs-utils-1.2.5-8.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
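
The behaviour reported in this thread (description, comment 6 and comment 9), as an added example that is not part of the bug report or of nfs-utils: a small exports audit that lists the parent directories a client's root cannot traverse on an NFSv4 mount. The squash model, the uid/gid 500 ownership, the sample tree and all function names are assumptions built from the thread's symptoms, and the parser handles only simple exports lines.

```python
import os
import stat
from pathlib import PurePosixPath
from types import SimpleNamespace

ANON = 65534  # default anonymous uid/gid that Linux nfsd squashes to

def parse_exports(text):
    """Yield (path, options) per client spec; quoting/continuations ignored."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        for spec in fields[1:]:
            opts = spec.partition("(")[2].rstrip(")")
            yield fields[0], (opts.split(",") if opts else [])

def can_search(st, uid, gid):
    """Unix owner/group/other check for the directory search (x) bit."""
    if uid == 0:
        return True  # unsquashed root bypasses mode bits
    bit = (stat.S_IXUSR if uid == st.st_uid else
           stat.S_IXGRP if gid == st.st_gid else stat.S_IXOTH)
    return bool(st.st_mode & bit)

def blocked_parents(path, opts, patched, lstat=os.lstat):
    """Parents of an export that client root cannot traverse on a v4 mount.
    Assumption: on pseudo-root parents root is squashed to ANON unless the
    export has no_root_squash and mountd carries the fix from comment 6."""
    who = 0 if (patched and "no_root_squash" in opts) else ANON
    parents = list(PurePosixPath(path).parents)[::-1]  # "/" first
    return [str(p) for p in parents if not can_search(lstat(str(p)), who, who)]

# Constructed sample tree: a 0700 home directory owned by uid/gid 500.
SAMPLE_FS = {
    "/": SimpleNamespace(st_mode=0o40755, st_uid=0, st_gid=0),
    "/home": SimpleNamespace(st_mode=0o40755, st_uid=0, st_gid=0),
    "/home/kparal": SimpleNamespace(st_mode=0o40700, st_uid=500, st_gid=500),
}
SAMPLE_EXPORTS = """\
/home/kparal/devel 192.168.1.0/24(rw,no_root_squash)
/home/kparal/devel 192.168.1.0/24(rw,all_squash,anonuid=500,anongid=500)
/home/kparal       192.168.1.0/24(rw,no_root_squash)
"""

def audit(text, patched, lstat=os.lstat):
    return [(p, o, blocked_parents(p, o, patched, lstat)) for p, o in parse_exports(text)]

if __name__ == "__main__":
    for path, opts, blocked in audit(SAMPLE_EXPORTS, False, SAMPLE_FS.__getitem__):
        print(path, ",".join(opts), "-> blocked at", blocked or "nothing")
```

Run against a real server by calling audit() with the contents of /etc/exports and the default lstat; any directory it reports needs search permission for the squashed identity, or the export should be moved out from under it.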
