[Bug 777535] New: Autofs will not mount a NFS4 share with 0750 permissions
https://bugzilla.novell.com/show_bug.cgi?id=777535
https://bugzilla.novell.com/show_bug.cgi?id=777535#c0

Summary: Autofs will not mount a NFS4 share with 0750 permissions
Classification: openSUSE
Product: openSUSE 12.2
Version: RC 2
Platform: i586
OS/Version: openSUSE 12.2
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Network
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: lynn@steve-ss.com
QAContact: qa-bugs@suse.de
Found By: ---
Blocker: ---

User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1226.0 Safari/537.4 SUSE/22.0.1226.0

server openSUSE 12.1
the folder /home2/staff has 0750 permissions root:staff2

etc/exports
/home2/staff *(rw,sec=krb5)

client openSUSE 12.2 RC2

/etc/auto.master
/home2/staff /etc/auto.misc

/etc/auto.misc
* -rw,sec=krb5 server:/home2/staff/&

Reproducible: Always

Steps to Reproduce:
1. login on the client as user1 who is a member of the group staff2
2. user1 gets a ticket and successfully logs on

Actual Results:
the home directory of user1 (/home2/staff/user1) is not automounted
An error message no such directory home2/staff/user1

Expected Results:
The directory is automounted

Three workarounds:
1. mounting with NFS3 instead solves the problem. Change:
/etc/auto.misc
* -rw,sec=krb5,vers=3 server:/home2/staff/&
2. Change the permissions of the exported directory to 0755 if you want automounted NFS4. Not really an option as it allows everyone into the share.
3. Use 12.1 which works with the same config.
https://bugzilla.novell.com/show_bug.cgi?id=777535#c1
--- Comment #1 from lynn wilson
https://bugzilla.novell.com/show_bug.cgi?id=777535#c
kk zhang
https://bugzilla.novell.com/show_bug.cgi?id=777535#c2
--- Comment #2 from lynn wilson
https://bugzilla.novell.com/show_bug.cgi?id=777535#c3
Li Bin
https://bugzilla.novell.com/show_bug.cgi?id=777535#c
Leonardo Chiquitto
https://bugzilla.novell.com/show_bug.cgi?id=777535#c4
Leonardo Chiquitto
https://bugzilla.novell.com/show_bug.cgi?id=777535#c5
--- Comment #5 from lynn wilson
This seems wrong:
# etc/exports /home2/staff *(rw,sec=krb5)
No. It's not wrong
To use NFSv4 you need at least to set the fsid (add fsid=0 to the export options).
exporting from fsid=0 is no longer needed nor recommended for Linux. Please see the nfs wiki: http://wiki.linux-nfs.org/wiki/index.php/Nfsv4_configuration (last paragraph) Please note that this syntax (without the fsid pseudoroot) works for other automounted shares which are 0755
If it still fails, please set DEFAULT_LOGGING="debug" in /etc/sysconfig/autofs, restart AutoFS and reproduce the problem. Then attach the output generated in /var/log/messages here.
In any case, I doubt it's AutoFS specific. Please also try to mount the volume manually and see if it works.
Mounting the share manually works fine:
mount -t nfs server:/home2/staff /mount-point -osec=krb5 allows user1 access.
I'll add the debug line if you could comment on these bits and pieces. Maybe need subtree_check? Thanks.
https://bugzilla.novell.com/show_bug.cgi?id=777535#c6
lynn wilson
https://bugzilla.novell.com/show_bug.cgi?id=777535#c7
--- Comment #7 from Leonardo Chiquitto
To use NFSv4 you need at least to set the fsid (add fsid=0 to the export options). exporting from fsid=0 is no longer needed nor recommended for Linux. Please see the nfs wiki: http://wiki.linux-nfs.org/wiki/index.php/Nfsv4_configuration (last paragraph)
Thanks for the information, I didn't know that.
Mounting the share manually works fine:
mount -t nfs server:/home2/staff /mount-point -osec=krb5 allows user1 access.
Isn't it mounting as v3 here? If I understand correctly, you must use something like:
# mount -t nfs4 -osec=krb5 server:/home2/staff/dir /mount-point
to simulate what AutoFS is actually trying to mount.
I'll add the debug line if you could comment on these bits and pieces.
We need the debug log to see how AutoFS is trying to mount the volume.
Maybe need subtree_check?
Don't know, it's easier to try than to speculate whether it will make a difference or not :)
https://bugzilla.novell.com/show_bug.cgi?id=777535#c
Leonardo Chiquitto
https://bugzilla.novell.com/show_bug.cgi?id=777535#c8
lynn wilson
https://bugzilla.novell.com/show_bug.cgi?id=777535#c9
--- Comment #9 from lynn wilson
Hi
Here is user s10, a member of the group staff

SERVER
/home2/staff is 0750 root:staff

/etc/exports
/home2/staff *(rw,sec=sys:krb5,subtree_check)

CLIENT
/etc/auto.master
/home2/staff /etc/auto.staff

/etc/auto.master
* -rw,sec=krb5,subtree_check SERVER:/home2/staff/&

Here is an example session (it's the same at the console or using su. I used su because it's easier to copy and paste from the Vbox client like this)

s10 logs in and expects to get his home directory automounted:
steve@hh10:~> su s10
Password:
Warning: Your password will expire in 41 days on Tue 09 Oct 2012 05:51:59 PM CEST
s10@hh10:/home/steve> cd ~
bash: cd: /home2/staff/s10: No such file or directory
Here is the (correct) log:
Aug 29 11:55:22 hh10 su: pam_krb5[3307]: authentication succeeds for 's10' (s10@HH3.SITE)
Aug 29 11:55:22 hh10 automount[3288]: handle_packet: type = 3
Aug 29 11:55:22 hh10 automount[3288]: handle_packet_missing_indirect: token 72, name s10, request pid 3311
Aug 29 11:55:22 hh10 automount[3288]: dev_ioctl_send_fail: token = 72
Aug 29 11:55:22 hh10 su: (to s10) steve on /dev/pts/2
Aug 29 11:55:22 hh10 automount[3288]: handle_packet: type = 3
Aug 29 11:55:22 hh10 automount[3288]: handle_packet_missing_indirect: token 73, name s10, request pid 3307
Aug 29 11:55:22 hh10 automount[3288]: dev_ioctl_send_fail: token = 73
Aug 29 11:55:22 hh10 automount[3288]: handle_packet: type = 3
Aug 29 11:55:23 hh10 automount[3288]: handle_packet_missing_indirect: token 74, name s10, request pid 3307
Aug 29 11:55:23 hh10 automount[3288]: dev_ioctl_send_fail: token = 74
Aug 29 11:55:23 hh10 automount[3288]: handle_packet: type = 3
Aug 29 11:55:23 hh10 automount[3288]: handle_packet_missing_indirect: token 75, name s10, request pid 3317
Aug 29 11:55:23 hh10 automount[3288]: dev_ioctl_send_fail: token = 75
Aug 29 11:55:23 hh10 automount[3288]: handle_packet: type = 3
Aug 29 11:55:23 hh10 automount[3288]: handle_packet_missing_indirect: token 76, name s10, request pid 3317
Aug 29 11:55:23 hh10 automount[3288]: dev_ioctl_send_fail: token = 76
Aug 29 11:55:23 hh10 automount[3288]: handle_packet: type = 3
Aug 29 11:55:23 hh10 automount[3288]: handle_packet_missing_indirect: token 77, name s10, request pid 3317
Aug 29 11:55:23 hh10 automount[3288]: dev_ioctl_send_fail: token = 77
Aug 29 11:55:23 hh10 automount[3288]: handle_packet: type = 3
Aug 29 11:55:23 hh10 automount[3288]: handle_packet_missing_indirect: token 78, name s10, request pid 3317
Aug 29 11:55:23 hh10 automount[3288]: dev_ioctl_send_fail: token = 78
Aug 29 11:55:23 hh10 automount[3288]: handle_packet: type = 3
Aug 29 11:55:23 hh10 automount[3288]: handle_packet_missing_indirect: token 79, name s10, request pid 3317
Aug 29 11:55:23 hh10 automount[3288]: dev_ioctl_send_fail: token = 79
Aug 29 11:55:23 hh10 automount[3288]: handle_packet: type = 3
Aug 29 11:55:23 hh10 automount[3288]: handle_packet_missing_indirect: token 80, name s10, request pid 3317
Aug 29 11:55:23 hh10 automount[3288]: dev_ioctl_send_fail: token = 80
Aug 29 11:55:23 hh10 automount[3288]: handle_packet: type = 3
Aug 29 11:55:23 hh10 automount[3288]: handle_packet_missing_indirect: token 81, name s10, request pid 3317
Aug 29 11:55:23 hh10 automount[3288]: dev_ioctl_send_fail: token = 81
Aug 29 11:55:23 hh10 automount[3288]: handle_packet: type = 3
Aug 29 11:55:23 hh10 automount[3288]: handle_packet_missing_indirect: token 82, name s10, request pid 3317
Aug 29 11:55:23 hh10 automount[3288]: dev_ioctl_send_fail: token = 82
Aug 29 11:55:23 hh10 automount[3288]: handle_packet: type = 3
Aug 29 11:55:23 hh10 automount[3288]: handle_packet_missing_indirect: token 83, name s10, request pid 3317
Aug 29 11:55:23 hh10 automount[3288]: dev_ioctl_send_fail: token = 83
Aug 29 11:55:23 hh10 automount[3288]: handle_packet: type = 3
Aug 29 11:55:23 hh10 automount[3288]: handle_packet_missing_indirect: token 84, name s10, request pid 3317
Aug 29 11:55:23 hh10 automount[3288]: dev_ioctl_send_fail: token = 84
Aug 29 11:55:26 hh10 automount[3288]: handle_packet: type = 3
Aug 29 11:55:26 hh10 automount[3288]: handle_packet_missing_indirect: token 85, name s10, request pid 3317
Aug 29 11:55:26 hh10 automount[3288]: dev_ioctl_send_fail: token = 85
Aug 29 11:55:26 hh10 automount[3288]: handle_packet: type = 3
Aug 29 11:55:26 hh10 automount[3288]: handle_packet_missing_indirect: token 86, name s10, request pid 3317
Aug 29 11:55:26 hh10 automount[3288]: dev_ioctl_send_fail: token = 86
Aug 29 11:55:26 hh10 automount[3288]: handle_packet: type = 3
Aug 29 11:55:26 hh10 automount[3288]: handle_packet_missing_indirect: token 87, name s10, request pid 3317
Aug 29 11:55:26 hh10 automount[3288]: dev_ioctl_send_fail: token = 87
Aug 29 11:59:12 hh10 automount[3288]: st_expire: state 1 path /home2/staff
Aug 29 11:59:12 hh10 automount[3288]: expire_proc: exp_proc = 3052403520 path /home2/staff
Aug 29 11:59:12 hh10 automount[3288]: expire_cleanup: got thid 3052403520 path /home2/staff stat 0
Aug 29 11:59:12 hh10 automount[3288]: expire_cleanup: sigchld: exp 3052403520 finished, switching from 2 to 1
Aug 29 11:59:12 hh10 automount[3288]: st_ready: st_ready(): state = 2 path /home2/staff
Aug 29 11:59:32 hh10 automount[3288]: st_expire: state 1 path /home2/home
Aug 29 11:59:32 hh10 automount[3288]: expire_proc: exp_proc = 3052403520 path /home2/home
Aug 29 11:59:32 hh10 automount[3288]: expire_cleanup: got thid 3052403520 path /home2/home stat 0
Aug 29 11:59:32 hh10 automount[3288]: expire_cleanup: sigchld: exp 3052403520 finished, switching from 2 to 1
Aug 29 11:59:32 hh10 automount[3288]: st_ready: st_ready(): state = 2 path /home2/home
Aug 29 12:00:47 hh10 automount[3288]: handle_packet: type = 3
Aug 29 12:00:47 hh10 automount[3288]: handle_packet_missing_indirect: token 88, name s10, request pid 3317
Aug 29 12:00:47 hh10 automount[3288]: attempting to mount entry /home2/staff/s10
Aug 29 12:00:47 hh10 automount[3288]: lookup_mount: lookup(file): looking up s10
Aug 29 12:00:47 hh10 automount[3288]: lookup_mount: lookup(file): s10 -> -rw,sec=krb5,subtree_check hh1:/home2/staff/&
Aug 29 12:00:47 hh10 automount[3288]: parse_mount: parse(sun): expanded entry: -rw,sec=krb5,subtree_check hh1:/home2/staff/s10
Aug 29 12:00:47 hh10 automount[3288]: parse_mount: parse(sun): gathered options: rw,sec=krb5,subtree_check
Aug 29 12:00:47 hh10 automount[3288]: parse_mount: parse(sun): dequote("hh1:/home2/staff/s10") -> hh1:/home2/staff/s10
Aug 29 12:00:47 hh10 automount[3288]: parse_mount: parse(sun): core of entry: options=rw,sec=krb5,subtree_check, loc=hh1:/home2/staff/s10
Aug 29 12:00:47 hh10 automount[3288]: sun_mount: parse(sun): mounting root /home2/staff, mountpoint s10, what hh1:/home2/staff/s10, fstype nfs, options rw,sec=krb5,subtree_check
Aug 29 12:00:47 hh10 automount[3288]: mount_mount: mount(nfs): root=/home2/staff name=s10 what=hh1:/home2/staff/s10, fstype=nfs, options=rw,sec=krb5,subtree_check
Aug 29 12:00:47 hh10 automount[3288]: mount_mount: mount(nfs): nfs options="rw,sec=krb5,subtree_check", nobind=0, nosymlink=0, ro=0
Aug 29 12:00:47 hh10 automount[3288]: get_nfs_info: called with host hh1(192.168.1.2) proto tcp version 0x30
Aug 29 12:00:47 hh10 automount[3288]: get_nfs_info: nfs v3 rpc ping time: 0.002342
Aug 29 12:00:47 hh10 automount[3288]: get_nfs_info: nfs v2 rpc ping time: 0.002041
Aug 29 12:00:47 hh10 automount[3288]: get_nfs_info: host hh1 cost 2191 weight 0
Aug 29 12:00:47 hh10 automount[3288]: get_nfs_info: called with host hh1(192.168.1.2) proto udp version 0x30
Aug 29 12:00:47 hh10 automount[3288]: get_nfs_info: nfs v3 rpc ping time: 0.006340
Aug 29 12:00:47 hh10 automount[3288]: get_nfs_info: nfs v2 rpc ping time: 0.002946
Aug 29 12:00:47 hh10 automount[3288]: get_nfs_info: host hh1 cost 4642 weight 0
Aug 29 12:00:47 hh10 automount[3288]: prune_host_list: selected subset of hosts that support NFS3 over TCP
Aug 29 12:00:47 hh10 automount[3288]: mount_mount: mount(nfs): calling mkdir_path /home2/staff/s10
Aug 29 12:00:48 hh10 automount[3288]: mount_mount: mount(nfs): calling mount -t nfs -s -o rw,sec=krb5,subtree_check hh1:/home2/staff/s10 /home2/staff/s10
Aug 29 12:00:48 hh10 automount[3288]: spawn_mount: mtab link detected, passing -n to mount
Aug 29 12:00:48 hh10 automount[3288]: >> mount.nfs: access denied by server while mounting hh1:/home2/staff/s10
Aug 29 12:00:48 hh10 automount[3288]: mount(nfs): nfs: mount failure hh1:/home2/staff/s10 on /home2/staff/s10
Other users with parent folders of 0755 _can_ mount their home directories.
/home2/home is root:root 0755
Here is a user steve2 using
/etc/auto.home
* -rw,sec=krb5,subtree_check SERVER:/home2/home/&

Here is the (successful) mount output:
hh1:/home2/home/steve2 on /home2/home/steve2 type nfs4 (rw,relatime,vers=4.0,rsize=262144,wsize=262144,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=krb5,clientaddr=192.168.1.41,local_lock=none,addr=192.168.1.2)

And here is the log:
Aug 29 11:46:11 hh10 automount[3054]: dev_ioctl_send_fail: token = 46
Aug 29 11:46:19 hh10 su: pam_krb5[3143]: TGT verified using key for 'host/hh10.hh3.site@HH3.SITE'
Aug 29 11:46:19 hh10 automount[3054]: handle_packet: type = 3
Aug 29 11:46:19 hh10 automount[3054]: handle_packet_missing_indirect: token 47, name steve2, request pid 3144
Aug 29 11:46:19 hh10 automount[3054]: attempting to mount entry /home2/home/steve2
Aug 29 11:46:19 hh10 automount[3054]: lookup_mount: lookup(file): looking up steve2
Aug 29 11:46:19 hh10 automount[3054]: lookup_mount: lookup(file): steve2 -> -rw,sec=krb5,subtree_check hh1:/home2/home/&
Aug 29 11:46:19 hh10 automount[3054]: parse_mount: parse(sun): expanded entry: -rw,sec=krb5,subtree_check hh1:/home2/home/steve2
Aug 29 11:46:19 hh10 automount[3054]: parse_mount: parse(sun): gathered options: rw,sec=krb5,subtree_check
Aug 29 11:46:19 hh10 automount[3054]: parse_mount: parse(sun): dequote("hh1:/home2/home/steve2") -> hh1:/home2/home/steve2
Aug 29 11:46:19 hh10 automount[3054]: parse_mount: parse(sun): core of entry: options=rw,sec=krb5,subtree_check, loc=hh1:/home2/home/steve2
Aug 29 11:46:19 hh10 automount[3054]: sun_mount: parse(sun): mounting root /home2/home, mountpoint steve2, what hh1:/home2/home/steve2, fstype nfs, options rw,sec=krb5,subtree_check
Aug 29 11:46:19 hh10 automount[3054]: mount_mount: mount(nfs): root=/home2/home name=steve2 what=hh1:/home2/home/steve2, fstype=nfs, options=rw,sec=krb5,subtree_check
Aug 29 11:46:19 hh10 automount[3054]: mount_mount: mount(nfs): nfs options="rw,sec=krb5,subtree_check", nobind=0, nosymlink=0, ro=0
Aug 29 11:46:19 hh10 automount[3054]: get_nfs_info: called with host hh1(192.168.1.2) proto tcp version 0x30
Aug 29 11:46:20 hh10 automount[3054]: get_nfs_info: nfs v3 rpc ping time: 0.010410
Aug 29 11:46:20 hh10 automount[3054]: get_nfs_info: nfs v2 rpc ping time: 0.002786
Aug 29 11:46:20 hh10 automount[3054]: get_nfs_info: host hh1 cost 6598 weight 0
Aug 29 11:46:20 hh10 automount[3054]: get_nfs_info: called with host hh1(192.168.1.2) proto udp version 0x30
Aug 29 11:46:20 hh10 automount[3054]: get_nfs_info: nfs v3 rpc ping time: 0.007133
Aug 29 11:46:20 hh10 automount[3054]: get_nfs_info: nfs v2 rpc ping time: 0.001830
Aug 29 11:46:20 hh10 automount[3054]: get_nfs_info: host hh1 cost 4481 weight 0
Aug 29 11:46:20 hh10 automount[3054]: prune_host_list: selected subset of hosts that support NFS3 over TCP
Aug 29 11:46:20 hh10 automount[3054]: mount_mount: mount(nfs): calling mkdir_path /home2/home/steve2
Aug 29 11:46:20 hh10 automount[3054]: mount_mount: mount(nfs): calling mount -t nfs -s -o rw,sec=krb5,subtree_check hh1:/home2/home/steve2 /home2/home/steve2
Aug 29 11:46:20 hh10 automount[3054]: spawn_mount: mtab link detected, passing -n to mount
Aug 29 11:46:20 hh10 automount[3054]: mount_mount: mount(nfs): mounted hh1:/home2/home/steve2 on /home2/home/steve2
Aug 29 11:46:20 hh10 automount[3054]: dev_ioctl_send_ready: token = 47
Aug 29 11:46:20 hh10 automount[3054]: mounted /home2/home/steve2
Aug 29 11:46:20 hh10 su: pam_krb5[3143]: authentication succeeds for 'steve2' (steve2@HH3.SITE)
Aug 29 11:46:21 hh10 su: (to steve2) steve on /dev/pts/1
Thanks
https://bugzilla.novell.com/show_bug.cgi?id=777535#c10
Leonardo Chiquitto
mkdir -p /home2/staff/s10
mkdir -p /home2/home/steve2
3. Try to mount the NFS volumes manually:
mount -t nfs -s -o rw,sec=krb5,subtree_check hh1:/home2/staff/s10 /home2/staff/s10
mount -t nfs -s -o rw,sec=krb5,subtree_check hh1:/home2/home/steve2 /home2/home/steve2
What's the result?
4. Change the permissions of /home2/staff and /home2/home to 750 and repeat the test.
What's the result?
https://bugzilla.novell.com/show_bug.cgi?id=777535#c11
lynn wilson
OK. Please do the following test:
1. Stop AutoFS, make sure it's not running
2. Create the destination dirs if needed:
mkdir -p /home2/staff/s10
mkdir -p /home2/home/steve2
3. Try to mount the NFS volumes manually:
mount -t nfs -s -o rw,sec=krb5,subtree_check hh1:/home2/staff/s10 /home2/staff/s10
mount -t nfs -s -o rw,sec=krb5,subtree_check hh1:/home2/home/steve2 /home2/home/steve2
What's the result?
with both /home2/staff/s10 and /home2/home/steve2 0755, both mount fine.
4. Change the permissions of /home2/staff and /home2/home to 750 and repeat the test.
What's the result?
Now, neither mount:
mount.nfs: access denied by server while mounting hh1:/home2/staff/s10
If I export the whole of /home2, both s10 and steve2 have access even with 0750
With NFS3, everything mounts fine 0750.
For completeness, here is:
cat /etc/exports
#/home2 *(rw,sec=sys:krb5)
/home2/home *(rw,sec=sys:krb5,subtree_check,insecure)
/home2/staff *(rw,sec=sys:krb5,subtree_check,insecure)
If I change /etc/exports to this:
#/home2 *(rw,sec=sys:krb5)
/home2/home/steve2 *(rw,sec=sys:krb5,subtree_check,insecure)
/home2/staff/s10 *(rw,sec=sys:krb5,subtree_check,insecure)
Then it mounts fine, 0750. But that's what I want the wild cards in the automounter to do for me, which it does but once again only for exported 0755 directories or for NFS3.
Why does it mount when it's 0755 but not when it's 0750?
Why does it work with NFS3 with 0750 but not NFS4?
Thanks for your patience.
https://bugzilla.novell.com/show_bug.cgi?id=777535#c12
Leonardo Chiquitto
https://bugzilla.novell.com/show_bug.cgi?id=777535#c13
lynn wilson
For some reason I thought you were changing the permissions on the client side, not on the server. That made everything more mysterious :)
No. I only changed permissions on the server. Before autofs starts, there is no /home2 on the client, apart from for your tests for Comment #11
https://bugzilla.novell.com/show_bug.cgi?id=777535#c14
Leonardo Chiquitto
https://bugzilla.novell.com/show_bug.cgi?id=777535#c15
lynn wilson
OK, I think I figured it out...
This happens because the export option "root_squash" is the default. Meaning that requests coming from the root user (in the client) are translated to "nobody" (in the server).
Adding "no_root_squash" to the export options should resolve the problem (but read the man page for the security implications).
Unfortunately no. It does not solve the problem. Indeed if that were the case then /home2/home/steve would not mount either. The fact that the 0755 share _does_ mount shows that no_root_squash on the 0750 exported share is not the problem. Sorry. Could this be an NFS4 bug? Or something that's not documented? I'd be surprised if I were the first to try a NFS4 mount of a 0750 share. . . Thanks again for your patience.
https://bugzilla.novell.com/show_bug.cgi?id=777535#c16
Leonardo Chiquitto
https://bugzilla.novell.com/show_bug.cgi?id=777535#c17
--- Comment #17 from lynn wilson
https://bugzilla.novell.com/show_bug.cgi?id=777535#c18
Leonardo Chiquitto
https://bugzilla.novell.com/show_bug.cgi?id=777535#c19
Neil Brown
https://bugzilla.novell.com/show_bug.cgi?id=777535#c20
--- Comment #20 from lynn wilson
https://bugzilla.novell.com/show_bug.cgi?id=777535#c21
lynn wilson
https://bugzilla.novell.com/show_bug.cgi?id=777535#c22
Leonardo Chiquitto
https://bugzilla.novell.com/show_bug.cgi?id=777535#c23
lynn wilson
https://bugzilla.novell.com/show_bug.cgi?id=777535#c24
--- Comment #24 from lynn wilson
Lynn, please use "tcpdump -w nfs.cap -s0 -i ethX" to capture the traffic and then attach the file nfs.cap here. It's easier to analyze the output in binary form.
Also, please provide the output of "grep . /proc/sys/net/rpc/*/content" on the server immediately after the mount attempt, as requested by Neil.
There isn't the directory you specify:
hh1:/home/steve # grep . /proc/sys/net/rpc/*/content
grep: /proc/sys/net/rpc/*/content: No such file or directory
hh1:/home/steve # cd /proc/sys/net/rpc/
bash: cd: /proc/sys/net/rpc/: No such file or directory
Any of these any good?
hh1:/home/steve # cd /proc/sys/net
hh1:/proc/sys/net # ls
bridge core ipv4 ipv6 netfilter unix
Thanks
https://bugzilla.novell.com/show_bug.cgi?id=777535#c25
--- Comment #25 from Neil Brown
https://bugzilla.novell.com/show_bug.cgi?id=777535#c26
--- Comment #26 from lynn wilson
https://bugzilla.novell.com/show_bug.cgi?id=777535#c27
Neil Brown
https://bugzilla.novell.com/show_bug.cgi?id=777535#c28
lynn wilson
https://bugzilla.novell.com/show_bug.cgi?id=777535#c29
--- Comment #29 from Neil Brown
https://bugzilla.novell.com/show_bug.cgi?id=777535#c30
--- Comment #30 from lynn wilson
After editing /etc/exports, did you run "exportfs -r" ??
You need to run "exportfs -r" for any changes to /etc/exports to become effective.
I restart the nfs server: rcnfsserver restart I also tried with exportfs -r. Same results. Thanks,
https://bugzilla.novell.com/show_bug.cgi?id=777535#c31
Neil Brown
/home2/staff *(rw,sec=krb5m no_root_squash,insecure)
You seem to have an 'm' instead of a ',', and an extra space in there. Was this just a typo entering the info into bugzilla, or is that what appeared in /etc/exports? The options in /etc/exports must be ',' separated, with no extra spaces.
https://bugzilla.novell.com/show_bug.cgi?id=777535#c32
lynn wilson
https://bugzilla.novell.com/show_bug.cgi?id=777535#c33
Neil Brown
https://bugzilla.novell.com/show_bug.cgi?id=777535#c34
lynn wilson
https://bugzilla.novell.com/show_bug.cgi?id=777535#c35
Neil Brown
https://bugzilla.novell.com/show_bug.cgi?id=777535#c36
lynn wilson
I'm absolutely sure that no_root_squash will make it work for you. It is exactly the thing that is causing the problem. You haven't yet convinced me that you have correctly tried it. If you can show me that "/proc/fs/nfsd/exports" contains the "no_root_squash" flag and it still isn't working, we can pursue that avenue further.
OK. Again:
Server:
hh1:/home/steve # cat /etc/exports
/home2/home *(rw,sec=krb5)
/home2/staff *(rw,sec=krb5,no_root_squash)
/home2/compartida *(rw,sec=krb5)
hh1:/home/steve # rcnfsserver restart
redirecting to systemctl
Client
hh10 login: s10
Password:
Last Login Thu Sep 13 17:48:38 on tty2
-- s10 : /home2/staff/s10: change directory failed: No such file or directory
Logging in with home = "/"
s10@hh10:/>
Back on the server:
hh1:/home/steve # cat /proc/fs/nfsd/exports
# Version 1.1
# Path Client(Flags) # IPs
/home2/staff *(rw,no_root_squash,sync,wdelay,no_subtree_check,uuid=86b8cab0:beef4c0f:b9477b39:f160430c,sec=390003)
/ *(ro,root_squash,sync,no_wdelay,no_subtree_check,v4root,fsid=0,uuid=86b8cab0:beef4c0f:b9477b39:f160430c,sec=390003)
/home2 *(ro,root_squash,sync,no_wdelay,no_subtree_check,v4root,uuid=86b8cab0:beef4c0f:b9477b39:f160430c,sec=390003)
Does this give us any more clues?
Thank you for your suggestions. I have tried to answer them inline but I feel these are apart from this issue (nonetheless I would be most grateful if you could spare me any off list time to help me with these)
I cannot see why you think the wildcard automount map would reduce the burden on the NFS server. It won't reduce the amount of traffic in any way. Just having something mounted isn't a burden. Only the actual accesses cause any load and they will be the same no matter how things are mounted.
You should use the automounter for the top level directory - much better than a hard mount in /etc/fstab. However NFSv4 has internal 'automount' support. If you just mount "/", or "/foo" or whatever, then any filesystems below there (that have been exported) will automatically get mounted when they are used.
I have tried both fstab and the automounter. The automounter wins hands down over the fstab but . . .
I'm really perplexed by your statement that the lan gets busy and slows down. Do you have any idea what sort of traffic is slowing it down?
Art and design students using big jpgs between cifs and nfs. We have a Samba 4 domain (it's a lot worse with 2008R2) and it is the transfer of large files that is the problem. The DC is separate and we have a big box serving both cifs to the m$ clients and nfs for openSUSE. As I say, this is not the issue of the bugzilla. Before you ask, using only Linux boxes is the same. If I automount the home/students/<name> directory it works instantaneously. Unless, of course the art class is in. If I mount the whole of /home2/students it is much slower.
NFSv4 is certainly meant to be a replacement for NFSv3. It does not behave exactly the same way in all cases. Hopefully it is better in most cases, but you have found a corner case where it is (arguably) not as "good". But I think it is a corner that can be avoided.
(presumably the individual directories in /home2/staff do not give world access? In that case it doesn't really matter if /home2/staff does. Or do you not trust staff to keep their directories secure? I guess that could be an issue).
I understand you perfectly but I _must_ have the staff directory at 0750 to stop students entering. Once again, this is not really the subject of this bugzilla but I welcome your support and suggestions. In cifs on m$ this works perfectly. On m$ staff can enter without problems by whichever mechanism cifs uses. It is also very economical on the fileserver. So there you have it. 1001 issues each with his own opinion on what should be done in one single bugzilla. Let's please concentrate on why the 0750 share will not automount, the title of this bug. Cheers and thanks so much for your input, honesty and time.
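The two checks requested in comments #31 and #36 (is the option list in /etc/exports well formed, and does the kernel's table in /proc/fs/nfsd/exports really carry no_root_squash), as an added Python example that is not part of the thread or of nfs-utils. The function names are hypothetical, the sample lines are copied from those two comments, and the sec flavour names and their numeric forms are the ones I know from exports(5) and RPCSEC_GSS.

```python
import re

KNOWN_SEC = {"sys", "krb5", "krb5i", "krb5p"}   # flavour names accepted in sec=
# Numeric pseudoflavours as printed by the kernel in /proc/fs/nfsd/exports.
PSEUDOFLAVOR = {"1": "sys", "390003": "krb5", "390004": "krb5i", "390005": "krb5p"}

# Line quoted in comment #31.
BAD_LINE = "/home2/staff *(rw,sec=krb5m no_root_squash,insecure)"

# Kernel export table pasted in comment #36.
SAMPLE_PROC = """\
# Version 1.1
# Path Client(Flags) # IPs
/home2/staff *(rw,no_root_squash,sync,wdelay,no_subtree_check,uuid=86b8cab0:beef4c0f:b9477b39:f160430c,sec=390003)
/ *(ro,root_squash,sync,no_wdelay,no_subtree_check,v4root,fsid=0,uuid=86b8cab0:beef4c0f:b9477b39:f160430c,sec=390003)
/home2 *(ro,root_squash,sync,no_wdelay,no_subtree_check,v4root,uuid=86b8cab0:beef4c0f:b9477b39:f160430c,sec=390003)
"""


def lint_exports_line(line):
    """Return a list of problems in the option list of one /etc/exports line."""
    problems = []
    line = line.split("#", 1)[0].strip()          # drop comments
    m = re.search(r"\(([^)]*)\)", line)
    if not m:
        return problems                           # blank line or no option list
    opts = m.group(1)
    if re.search(r"\s", opts):
        problems.append("whitespace inside option list: %r" % opts)
    for opt in re.split(r"[,\s]+", opts.strip()):
        if opt.startswith("sec="):
            for flavour in opt[4:].split(":"):
                if flavour not in KNOWN_SEC:
                    problems.append("unknown sec flavour: %r" % flavour)
    return problems


def parse_nfsd_exports(text):
    """Parse /proc/fs/nfsd/exports into {(path, client): {flag: value or True}}."""
    table = {}
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue
        m = re.match(r"(\S+)\s+(\S*?)\((.*)\)$", raw)
        if not m:
            continue
        flags = {}
        for item in m.group(3).split(","):
            key, _, value = item.partition("=")
            flags[key] = value if value else True
        table[(m.group(1), m.group(2))] = flags
    return table


def effective_options(table, path, client="*"):
    """Summarise what the kernel applies to `path`, or None if it is not in the table."""
    flags = table.get((path, client))
    if flags is None:
        return None
    sec = [PSEUDOFLAVOR.get(f, f) for f in str(flags.get("sec", "")).split(":") if f]
    # Ancestors that appear only as NFSv4 pseudo-root entries (flag v4root).
    parents = sorted(p for (p, c), f in table.items()
                     if c == client and "v4root" in f
                     and path.startswith(p.rstrip("/") + "/"))
    return {"no_root_squash": "no_root_squash" in flags,
            "sec": sec,
            "v4root_parents": parents}


if __name__ == "__main__":
    for problem in lint_exports_line(BAD_LINE):
        print("exports:", problem)
    print(effective_options(parse_nfsd_exports(SAMPLE_PROC), "/home2/staff"))
```

On the pasted table this confirms that no_root_squash did reach the kernel for /home2/staff, and that / and /home2 are present only as read-only v4root entries with root_squash.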
https://bugzilla.novell.com/show_bug.cgi?id=777535#c37
--- Comment #37 from Neil Brown
https://bugzilla.novell.com/show_bug.cgi?id=777535#c38
--- Comment #38 from lynn wilson
OK, I believe you now :-) I've even managed to reproduce it. It only happens when using krb5.
When using 'sys' it works as I expected.
Correct. It also works with kerberized NFS3
It seems that with krb5 the client walks down the mount path as some unprivileged user which I haven't discovered the exact details of yet (kerberos is still a bit of a black box to me). So no_root_squash has no effect on it. Oh well....
We don't really use root with Kerberos. The user who has authenticated already has tickets at the point he tries to access home directory and therefore _should_ be allowed access.
I'll try to pursue this with the upstream developers as it does seem like a regression. I don't have a lot of confidence that I will get a result though as the intended use of NFSv4 is to just mount '/' and walk down from there, which works.
This is the main point of the bug so thank you so much for taking this up for me.
You say it doesn't work for you due to performance issues and I'd really like to understand that as I now think that it is the best way for you to get a working configuration.
Mounting /home2 using fstab is a disaster. Forget it. Mounting it using autofs gives us a reasonable boot and logon time until we start throwing large jpg's around. I can ease the situation by splitting the /home2/students folder into home2/class1, /home2/class2, /home2/class3 and automounting * -sec=krb5 hh1:/home2/& always assuming of course that class1, class2 and class3 have 0755 permissions. The staff folder is less of a problem as it only contains around 100 users (but still needs to be 0750 staff)
You say that the performance problems are caused by students moving large jpeg files around. I can certainly imagine that might cause slowness, but I cannot see how there would be more of that if you mounted "/home2" rather than "/home2/student/$USERNAME".
It may be because if I mount /home2, I am mounting over 2000 home folders all at the same time. If I mount just one, then surely that would improve performance. The NFS server has only one mounted folder to look after.
What exactly is it that is slower? Is it the act of performing the mount, or is it all the file access once the filesystem has been mounted?
Please see the examples above about what is slower. I really don't know. Logging in and loading a jpeg over nfs4 takes about the same time as logging in to W7 over cifs, but please remember, interesting though it is, the main bug is the non mount with 0750 permissions Thanks Neil for your time and interest.
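A small model of the diagnosis quoted in comment #38, added here as an example and not taken from the thread or from the NFS code: the NFSv4 client has to walk /, /home2 and /home2/staff on the server before it can mount /home2/staff/s10, and each step needs search (x) permission for whatever identity the server applies to that walk. Assumptions: the krb5 walk identity is modelled as an anonymous uid 65534 (the thread only says "some unprivileged user"), mount runs as root on the client, and gid 100 for group staff is constructed.

```python
import stat
from collections import namedtuple

Dir = namedtuple("Dir", "path mode uid gid")
Cred = namedtuple("Cred", "uid gids")

ROOT = Cred(uid=0, gids=frozenset({0}))
NOBODY = Cred(uid=65534, gids=frozenset({65534}))   # constructed anonymous identity
STAFF_GID = 100                                      # constructed gid for group "staff"


def may_search(d, cred):
    """POSIX search (x) check on a directory: exactly one permission class applies."""
    if cred.uid == 0:
        return True                                  # unsquashed root bypasses mode bits
    if cred.uid == d.uid:
        return bool(d.mode & stat.S_IXUSR)
    if d.gid in cred.gids:
        return bool(d.mode & stat.S_IXGRP)
    return bool(d.mode & stat.S_IXOTH)


def walk_identity(sec, root_squash):
    """Identity the server applies to the mount-time walk issued by client root."""
    if sec.startswith("krb5"):
        # Assumption taken from comment #38: with krb5 the walk is done as an
        # unprivileged user, so the root_squash setting never comes into play.
        return NOBODY
    return NOBODY if root_squash else ROOT


def first_denied(tree, target, cred):
    """Return the first ancestor of `target` that refuses search, or None."""
    for d in sorted(tree, key=lambda d: len(d.path)):
        if target.startswith(d.path.rstrip("/") + "/") and not may_search(d, cred):
            return d.path
    return None


def mount_walk(parent_mode, sec, root_squash):
    """Walk to /home2/staff/s10 with /home2/staff set to `parent_mode` (root:staff)."""
    tree = [Dir("/", 0o755, 0, 0),
            Dir("/home2", 0o755, 0, 0),
            Dir("/home2/staff", parent_mode, 0, STAFF_GID)]
    return first_denied(tree, "/home2/staff/s10", walk_identity(sec, root_squash))


if __name__ == "__main__":
    for mode in (0o755, 0o750):
        for sec in ("sys", "krb5"):
            for squash in (True, False):
                blocked = mount_walk(mode, sec, squash)
                print("%04o sec=%-4s %-14s -> %s" % (
                    mode, sec, "root_squash" if squash else "no_root_squash",
                    "denied at " + blocked if blocked else "mounts"))
```

The table it prints matches what the thread reports for NFSv4: 0755 mounts in every case, 0750 with sec=sys mounts only with no_root_squash, and 0750 with krb5 is denied whichever squash option is set.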
https://bugzilla.novell.com/show_bug.cgi?id=777535#c39
--- Comment #39 from lynn wilson
https://bugzilla.novell.com/show_bug.cgi?id=777535#c40
--- Comment #40 from Neil Brown
https://bugzilla.novell.com/show_bug.cgi?id=777535#c41
--- Comment #41 from Neil Brown
https://bugzilla.novell.com/show_bug.cgi?id=777535#c42
--- Comment #42 from Neil Brown
https://bugzilla.novell.com/show_bug.cgi?id=777535#c43
--- Comment #43 from lynn wilson
https://bugzilla.novell.com/show_bug.cgi?id=777535#c
lynn wilson
https://bugzilla.novell.com/show_bug.cgi?id=777535#c44
--- Comment #44 from lynn wilson
https://bugzilla.novell.com/show_bug.cgi?id=777535#c45
--- Comment #45 from Neil Brown
https://bugzilla.novell.com/show_bug.cgi?id=777535#c46
Neil Brown