Bug 734598 - rpcbind no longer runs as user rpc (runs as root)
Summary: rpcbind no longer runs as user rpc (runs as root)
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: rpcbind
Version: 17
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Steve Dickson
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-08-30 21:06 UTC by Vincent Danen
Modified: 2013-02-20 14:43 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-12-20 16:07:20 UTC


Attachments (Terms of Use)

Description Vincent Danen 2011-08-30 21:06:35 UTC
After seeing a SUSE bug report about rpcbind running as root, I did some poking to make sure we did the same.  Looking at RHEL6 and Fedora 14, rpcbind is definitely running as user rpc without any "special sauce":


[root@odvfc14 ~]# ps aux|grep rpcbind|grep -v grep
rpc      14217  0.0  0.0   2556   552 ?        Ss   14:58   0:00 rpcbind

However, on Fedora 15, this is not the case:


[root@odvfc15 db]# ps aux|grep rpcbind|grep -v grep
root      5771  0.0  0.0   2552   404 ?        Ss   14:53   0:00 rpcbind

I don't see anything obvious in the rpcbind.spec or in how rpcbind is started other than that it is now started via systemd rather than via the service command.

This is a fairly significant regression.  Strangely enough, rpc.statd is running as non-privileged user:


[root@odvfc15 db]# ps aux|grep rpc|grep -v grep
root      1158  0.0  0.0      0     0 ?        S<   Aug29   0:00 [rpciod]
root      5771  0.0  0.0   2552   404 ?        Ss   14:53   0:00 rpcbind
root      8273  0.0  0.0   3104   308 ?        Ss   Aug29   0:00 rpc.idmapd
rpcuser   8344  0.0  0.0   2624   920 ?        Ss   Aug29   0:00 rpc.statd

I've observed this on two F15 installs; both have made no changes to any configuration related to NFS/RPC/etc.

Comment 1 Fedora End Of Life 2012-08-07 18:39:49 UTC
This message is a notice that Fedora 15 is now at end of life. Fedora
has stopped maintaining and issuing updates for Fedora 15. It is
Fedora's policy to close all bug reports from releases that are no
longer maintained. At this time, all open bugs with a Fedora 'version'
of '15' have been closed as WONTFIX.

(Please note: Our normal process is to give advanced warning of this
occurring, but we forgot to do that. A thousand apologies.)

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, feel free to reopen
this bug and simply change the 'version' to a later Fedora version.

Bug Reporter: Thank you for reporting this issue and we are sorry that
we were unable to fix it before Fedora 15 reached end of life. If you
would still like to see this bug fixed and are able to reproduce it
against a later version of Fedora, you are encouraged to click on
"Clone This Bug" (top right of this page) and open it against that
version of Fedora.

Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.

The process we are following is described here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 2 Vincent Danen 2012-08-09 21:42:46 UTC
This is still an issue in Fedora 16:

root       465  0.0  0.0      0     0 ?        S<   Aug07   0:00 [rpciod]
root       907  0.0  0.0  19172   888 ?        Ss   Aug07   0:00 /sbin/rpcbind -w
root       913  0.0  0.0  27752   436 ?        Ss   Aug07   0:00 /usr/sbin/rpc.idmapd
rpcuser    930  0.0  0.0  27756  1420 ?        Ss   Aug07   0:00 /sbin/rpc.statd

and Fedora 17:

root       332  0.0  0.0      0     0 ?        S<   Aug07   0:00 [rpciod]
root       860  0.0  0.0  19160  1000 ?        Ss   Aug07   0:00 /sbin/rpcbind -w
rpcuser   1089  0.0  0.0  23532  1372 ?        Ss   Aug07   0:00 /sbin/rpc.statd
root      1116  0.0  0.0 113240   148 ?        Ss   Aug07   0:00 /usr/sbin/rpc.rquotad
root      1118  0.0  0.0  25448   684 ?        Ss   Aug07   0:00 /usr/sbin/rpc.idmapd
root      1119  0.0  0.0  23972   908 ?        Ss   Aug07   0:00 /usr/sbin/rpc.mountd


Is this intentional?

Comment 3 Fedora Update System 2012-10-15 02:39:00 UTC
rpcbind-0.2.0-18.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/rpcbind-0.2.0-18.fc18

Comment 4 Fedora Update System 2012-10-15 02:40:26 UTC
rpcbind-0.2.0-17.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/rpcbind-0.2.0-17.fc17

Comment 5 Fedora Update System 2012-10-15 17:39:25 UTC
Package rpcbind-0.2.0-18.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing rpcbind-0.2.0-18.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-16144/rpcbind-0.2.0-18.fc18
then log in and leave karma (feedback).

Comment 6 Peter Lemenkov 2012-10-16 05:26:03 UTC
This update caused a regression:

Oct 16 09:21:29 nostromo systemd[1]: Starting RPC bind service...
Oct 16 09:21:29 nostromo systemd[1]: Starting NFS Server...
Oct 16 09:21:29 nostromo rpcbind: cannot get uid of 'rpc': Permission denied
Oct 16 09:21:29 nostromo systemd[1]: Started RPC bind service.
Oct 16 09:21:29 nostromo kernel: [  239.380782] xs_local_setup_socket: unhandled error (111) connecting to /var/run/rpcbind.sock
Oct 16 09:21:29 nostromo kernel: [  239.382186] svc: failed to register nfsdv2 RPC service (errno 111).
Oct 16 09:21:29 nostromo kernel: [  239.382390] svc: failed to register nfsaclv2 RPC service (errno 111).
Oct 16 09:21:29 nostromo kernel: [  239.382916] nfsd: last server has exited, flushing export cache
Oct 16 09:21:29 nostromo rpc.nfsd[800]: rpc.nfsd: writing fd to kernel failed: errno 111 (Connection refused)
Oct 16 09:21:29 nostromo kernel: [  239.407310] xs_local_setup_socket: unhandled error (111) connecting to /var/run/rpcbind.sock
Oct 16 09:21:29 nostromo kernel: [  239.408224] svc: failed to register nfsdv2 RPC service (errno 97).
Oct 16 09:21:29 nostromo kernel: [  239.408339] svc: failed to register nfsaclv2 RPC service (errno 97).
Oct 16 09:21:29 nostromo kernel: [  239.408856] nfsd: last server has exited, flushing export cache
Oct 16 09:21:29 nostromo rpc.nfsd[800]: rpc.nfsd: unable to set any sockets for nfsd
Oct 16 09:21:29 nostromo systemd[1]: nfs-server.service: main process exited, code=exited, status=1
Oct 16 09:21:29 nostromo systemd[1]: Failed to start NFS Server.
Oct 16 09:21:29 nostromo systemd[1]: Dependency failed for NFS Remote Quota Server.
Oct 16 09:21:29 nostromo systemd[1]: Job nfs-rquotad.service/start failed with result 'dependency'.
Oct 16 09:21:29 nostromo systemd[1]: Dependency failed for NFS Mount Daemon.
Oct 16 09:21:29 nostromo systemd[1]: Job nfs-mountd.service/start failed with result 'dependency'.
Oct 16 09:21:29 nostromo systemd[1]: Dependency failed for NFSv4 ID-name mapping daemon.
Oct 16 09:21:29 nostromo systemd[1]: Job nfs-idmap.service/start failed with result 'dependency'.
Oct 16 09:21:29 nostromo systemd[1]: Unit nfs-server.service entered failed state.

Comment 7 Steve Dickson 2012-10-16 12:18:06 UTC
Think the problem is:
    Oct 16 09:21:29 nostromo rpcbind: cannot get uid of 'rpc': Permission denied
I wonder why rpcbind can not get the uid of the rpc user... 

could you please turn off SELinux with 'setenforce 0' and then try again...

Comment 8 Peter Lemenkov 2012-10-18 17:11:39 UTC
Confirmed - this is a selinux-related bug described in issue 867415.

Comment 9 Fedora Update System 2012-10-23 17:34:33 UTC
rpcbind-0.2.0-20.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/rpcbind-0.2.0-20.fc18

Comment 10 Fedora Update System 2012-12-20 16:07:22 UTC
rpcbind-0.2.0-20.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Henrique Martins 2013-02-20 14:43:15 UTC
I get several lines with this message:
  xs_local_setup_socket: unhandled error (111) connecting to /var/run/rpcbind.sock
when one of my systems is shutting down (and maybe when powering up too).

Rpcbind and rpc.statd are still running as rpc and rpcuser, if that's relevant:

root       378     2  0 Feb19 ?        00:00:00 [rpciod] 
rpc       1087     1  0 Feb19 ?        00:00:00 /sbin/rpcbind -w  
rpcuser   1108     1  0 Feb19 ?        00:00:00 /sbin/rpc.statd -p 662 -o 2020 
root      1225     1  0 Feb19 ?        00:00:00 /usr/sbin/rpc.mountd -p 892 
root      1227     1  0 Feb19 ?        00:00:00 /usr/sbin/rpc.rquotad -p 875 
root      1228     1  0 Feb19 ?        00:00:00 /usr/sbin/rpc.idmapd 

My kernel and rpcbind:

kernel-3.7.8-202.fc18.x86_64 
rpcbind-0.2.0-20.fc18.x86_64

Selinux is disabled.


Note You need to log in before you can comment on or make changes to this bug.