Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 595420 - mounting subdirectory of non-root user account fails
Summary: mounting subdirectory of non-root user account fails
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: nfs-utils
Version: 16
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Steve Dickson
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 599198
TreeView+ depends on / blocked
 
Reported: 2010-05-24 15:11 UTC by Kamil Páral
Modified: 2012-07-02 22:27 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 599198 (view as bug list)
Environment:
Last Closed: 2012-07-02 22:27:52 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Bugzilla 826505 None None None Never

Internal Links: 826505

Description Kamil Páral 2010-05-24 15:11:50 UTC
Description of problem:
Use case 1:
Server:
# cat /etc/exports
/home/kparal/devel     192.168.1.0/24(rw,no_root_squash)

Client:
# mount.nfs 192.168.1.1:/home/kparal/devel /mnt -v
mount.nfs: timeout set for Mon May 24 16:46:36 2010
mount.nfs: trying text-based options 'vers=4,addr=192.168.1.1,clientaddr=192.168.1.2'
mount.nfs: mount(2): Permission denied
mount.nfs: access denied by server while mounting 192.168.1.1:/home/kparal/devel

# mount.nfs 192.168.1.1:/home/kparal /mnt -v
mount.nfs: timeout set for Mon May 24 17:09:51 2010
mount.nfs: trying text-based options 'vers=4,addr=192.168.1.1,clientaddr=192.168.1.2'
192.168.1.1:/home/kparal on /mnt type nfs
# ll -d /mnt/
drwx------. 94 kparal kparal 4096 May 24 12:43 /mnt/
# ll /mnt
ls: cannot open directory /mnt: Permission denied
# (ignores no_root_squash option)

Use case 2:
Server:
# cat /etc/exports
/home/kparal     192.168.1.0/24(rw,no_root_squash)

Client:
everything works perfect

Simply, for non-root owned directories, only the top-level directory can be exported. If you export a subdirectory, presented problems occur.

Version-Release number of selected component (if applicable):
Server:
2.6.33.4-95.fc13.x86_64
nfs-utils-1.2.2-2.fc13.x86_64
Client:
2.6.33.4-95.fc13.x86_64
nfs-utils-1.2.2-2.fc13.x86_64

How reproducible:
Always for my machines. Also reproduced by steved @ #fedora-devel.

Steps to Reproduce:
1. Share a subdirectory of non-root owned directory.
2. Try to mount it from a client.
3. Access denied by server.

Comment 1 Steve Dickson 2010-06-02 16:11:31 UTC
Your home directory '/home/kparal/' has a permission 
mode of 0700 (owner only), correct?

Comment 2 Steve Dickson 2010-06-02 20:18:39 UTC
It appears the no_root_squash export option is broken on
v4 mounts..

Comment 3 Kamil Páral 2010-06-03 08:22:37 UTC
(In reply to comment #1)
> Your home directory '/home/kparal/' has a permission 
> mode of 0700 (owner only), correct?    

Correct.

Comment 4 Kamil Páral 2011-11-23 11:53:47 UTC
I have completely the same problem on Fedora 16. It has appeared again.

nfs-utils-1.2.5-3.fc16.x86_64

Comment 5 Kamil Páral 2012-04-16 15:11:25 UTC
The problem also appears with:

/home/kparal/devel/     192.168.1.0/24(rw,all_squash,anonuid=500,anongid=500)

Steve, could you please have a look at that?

Comment 6 Steve Dickson 2012-05-29 13:11:57 UTC
The proposed upstream patch

Author: Steve Dickson <steved@redhat.com>
Date:   Tue May 29 08:57:04 2012 -0400

    Honor the no_root_squash flag on pseudo roots.
    
    If root squashing is turned off on a export that
    has multiple directories, the parent directories
    of the pseudo exports that's built, also needs to
    have root squashing turned off.
    
    Signed-off-by: Steve Dickson <steved@redhat.com>

diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
index 708eb61..ad8a3e7 100644
--- a/utils/mountd/v4root.c
+++ b/utils/mountd/v4root.c
@@ -92,7 +92,14 @@ v4root_create(char *path, nfs_export *export)
        exp = export_create(&eep, 0);
        if (exp == NULL)
                return NULL;
-       xlog(D_CALL, "v4root_create: path '%s'", exp->m_export.e_path);
+       /*
+        * Honor the no_root_squash flag 
+        */
+       if ((curexp->e_flags & NFSEXP_ROOTSQUASH) == 0)
+               exp->m_export.e_flags &= ~NFSEXP_ROOTSQUASH;
+       xlog(D_CALL, "v4root_create: path '%s' flags 0x%x", 
+               exp->m_export.e_path, exp->m_export.e_flags);
+
        return &exp->m_export;
 }

Comment 7 Steve Dickson 2012-05-29 19:57:52 UTC
The koji build:

http://koji.fedoraproject.org/koji/taskinfo?taskID=4112989

Comment 8 Fedora Update System 2012-05-29 20:11:37 UTC
nfs-utils-1.2.5-8.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/nfs-utils-1.2.5-8.fc16

Comment 9 Kamil Páral 2012-05-30 11:09:54 UTC
This fixes the problem only partially.

Now works:
/home/kparal/devel     192.168.1.0/24(rw,no_root_squash)

Still doesn't work:
/home/kparal/devel     192.168.1.0/24(rw,all_squash,anonuid=500,anongid=500)

Comment 10 Steve Dickson 2012-05-30 11:24:14 UTC
(In reply to comment #9)
> This fixes the problem only partially.
> 
> Now works:
> /home/kparal/devel     192.168.1.0/24(rw,no_root_squash)
> 
> Still doesn't work:
> /home/kparal/devel     192.168.1.0/24(rw,all_squash,anonuid=500,anongid=500)
Ok... Lets open up another bz about anonuid/anongid not working so we can move the no_root_squash fix along... OK?

Comment 11 Kamil Páral 2012-05-30 11:33:29 UTC
Okey dokey. Opened bug 826505.

Comment 12 Fedora Update System 2012-06-15 12:25:53 UTC
Package nfs-utils-1.2.5-8.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing nfs-utils-1.2.5-8.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-9466/nfs-utils-1.2.5-8.fc16
then log in and leave karma (feedback).

Comment 13 Fedora Update System 2012-07-02 22:27:52 UTC
nfs-utils-1.2.5-8.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.