Public bug reported:
[Impact]
The NFS client's access cache becomes stale due to the user's group membership
changing on the server after the user has already logged in on the client.
The access cache only expires if either NFS_INO_INVALID_ACCESS flag is on or
timeout (without delegation).
Adding a user to a group in the NFS server will not cause any file attributes
to change.
The client will encounter permission errors until other file attributes are
changed or the memory cache is dropped.
[Fix]
The access cache shall be cleared once the user logs out and logs back
in again.
0eb43812c0270ee3d005ff32f91f7d0a6c4943af NFS: Clear the file access cache upon
login
029085b8949f5d269ae2bbd14915407dd0c7f902 NFS: Judge the file access cache's
timestamp in rcu path
5e9a7b9c2ea18551759833146a181b14835bfe39 NFS: Fix up a sparse warning
[Test Plan]
1.[client side] testuser is not part of testgroup
testuser@kinetic:~$ ls -ld /mnt/private/
drwxrwx--- 2 root testgroup 4096 Nov 24 08:23 /mnt/private/
testuser@kinetic:~$ mktemp -p /mnt/private/
mktemp: failed to create file via template
‘/mnt/private/tmp.XXXXXXXXXX’: Permission denied
2.[server side] add testuser into testgroup, which has access to folder
root@kinetic:~$ usermod -aG testgroup testuser &&
echo `date +'%s'` > /proc/net/rpc/auth.unix.gid/flush
3.[client side] create a file again but still fail
testuser@kinetic:~$ mktemp -p /mnt/private/
mktemp: failed to create file via template
‘/mnt/private/tmp.XXXXXXXXXX’: Permission denied
[Where problems could occur]
The fix will apply upstream commits, so the regression can be considered as low.
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux (Ubuntu Bionic)
Importance: Undecided
Status: New
** Affects: linux (Ubuntu Focal)
Importance: Undecided
Status: New
** Affects: linux (Ubuntu Jammy)
Importance: Undecided
Status: New
** Affects: linux (Ubuntu Kinetic)
Importance: Undecided
Status: New
** Affects: linux (Ubuntu Lunar)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Lunar)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Kinetic)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2003053
Title:
NFS: client permission error after adding user to permissible group
Status in linux package in Ubuntu:
New
Status in linux source package in Bionic:
New
Status in linux source package in Focal:
New
Status in linux source package in Jammy:
New
Status in linux source package in Kinetic:
New
Status in linux source package in Lunar:
New
Bug description:
[Impact]
The NFS client's access cache becomes stale due to the user's group
membership changing on the server after the user has already logged in on the
client.
The access cache only expires if either NFS_INO_INVALID_ACCESS flag is on or
timeout (without delegation).
Adding a user to a group in the NFS server will not cause any file attributes
to change.
The client will encounter permission errors until other file attributes are
changed or the memory cache is dropped.
[Fix]
The access cache shall be cleared once the user logs out and logs back
in again.
0eb43812c0270ee3d005ff32f91f7d0a6c4943af NFS: Clear the file access cache
upon login
029085b8949f5d269ae2bbd14915407dd0c7f902 NFS: Judge the file access cache's
timestamp in rcu path
5e9a7b9c2ea18551759833146a181b14835bfe39 NFS: Fix up a sparse warning
[Test Plan]
1.[client side] testuser is not part of testgroup
testuser@kinetic:~$ ls -ld /mnt/private/
drwxrwx--- 2 root testgroup 4096 Nov 24 08:23 /mnt/private/
testuser@kinetic:~$ mktemp -p /mnt/private/
mktemp: failed to create file via template
‘/mnt/private/tmp.XXXXXXXXXX’: Permission denied
2.[server side] add testuser into testgroup, which has access to folder
root@kinetic:~$ usermod -aG testgroup testuser &&
echo `date +'%s'` > /proc/net/rpc/auth.unix.gid/flush
3.[client side] create a file again but still fail
testuser@kinetic:~$ mktemp -p /mnt/private/
mktemp: failed to create file via template
‘/mnt/private/tmp.XXXXXXXXXX’: Permission denied
[Where problems could occur]
The fix will apply upstream commits, so the regression can be considered as
low.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2003053/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
