>Number: 151326
>Category: kern
>Synopsis: nfs exports fail if netgroups contain duplicate entries
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Oct 08 23:30:05 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Jeff Strunk
>Release: 8.1-RELEASE
>Organization:
The University of Texas at Austin Department of Mathematics
>Environment:
FreeBSD thinkmate2.ma.utexas.edu 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19
02:36:49 UTC 2010 [email protected]:/usr/obj/usr/src/sys/GENERIC
amd64
>Description:
We are setting up a couple of file servers using ZFS to replace our old Debian
file servers. We have been using netgroups to allow a group of admin machines
to access the files without remapping root to nobody(no_root_squash on linux
and -maproot=0 on FreeBSD). All of our machines that access the nfs servers are
in the utm netgroup. We use an export line for that netgroup to restrict rw
access to our nfs servers.
So, our exports file in FreeBSD looks like(there are more lines, but they all
look like these with the filesystem changed):
/thinkmate1 -maproot=0 admin
/thinkmate1 utm
When mountd is started, it logs:
Oct 8 16:37:21 thinkmate2 mountd[2242]: bad exports list line /thinkmate1
utm
mountd -d shows the following the 2nd time a filesystem is exported:
mountd: can't change attributes for /thinkmate1
When I try to mount /thinkmate1 from an admin machine, it works. Also, root is
able to read and write any files. When I try to mount on a non-admin machine,
the client reports that it was denied by the server.
If I reverse the exports lines, all hosts in the utm netgroup can access
/thinkmate1, but root on admin hosts is mapped to nobody.
I discovered that some hostnames are found in both the admin and utm netgroups.
When I took the admin hosts out of the utm netgroup, everything worked. This is
not a problem on either Linux or Solaris.
>How-To-Repeat:
1) Create the following files.
/etc/netgroup(replace 4 spaces with tab):
admin \
(hosta,,domain)
domain \
(hosta,,domain) \
(hostb,,domain)
/etc/exports:
/export -maproot=0 admin
/export domain
2) Restart mountd.
3) Try to nfs mount /export from hostb.
>Fix:
The workaround is to clean up duplicate netgroup entries. It looks like each
host can only be in one netgroup.
>Release-Note:
>Audit-Trail:
>Unformatted:
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "[email protected]"
