Re: mountd needs to reboot to change mapall argument
On Wednesday, November 14, 2012 12:30:58 PM Joe Kowalski wrote:
> On Saturday, November 10, 2012 04:35:33 PM Philip Guenther wrote:
> > Hmm, it works for me, using an exports of
> >
> > /usr/src -mapall=guenther 127.0.0.1
> > /usr/obj -mapall=guenther 127.0.0.1
> >
> > and switching the -mapall on /usr/src from guenther to otheruser, pkill -HUP mountd, then testing by creating a file in a mode 777 directory on the NFS mount from 127.0.0.1. Various other switches and tests show that it doesn't seem to be related to the sorting of the directory names.
> >
> > So: need more data. Run mountd yourself with the -d option and snag the *complete* output from start, making changes to /etc/exports and HUP'ing it, etc.
>
> I've been working with Tim on this.

I looked at this some more today. Previously it seemed that the only way to change the user that mapall was configured to was to reboot the system. However today I found that by unmounting the physical partition on the server on which the export resides, and then remounting it, restarting the nfs related services, and mounting the nfs exports on the client, then the new user that mapall points to goes into effect.

It seems to me that for some reason, when mountd initially applies the mapall function, the uid it applies gets stuck somewhere (the vfs layer?) and isn't cleared until the physical filesystem is unmounted and remounted.

Joe Kowalski
Re: mountd needs to reboot to change mapall argument
On Saturday, November 10, 2012 04:35:33 PM Philip Guenther wrote:
> Hmm, it works for me, using an exports of
>
> /usr/src -mapall=guenther 127.0.0.1
> /usr/obj -mapall=guenther 127.0.0.1
>
> and switching the -mapall on /usr/src from guenther to otheruser, pkill -HUP mountd, then testing by creating a file in a mode 777 directory on the NFS mount from 127.0.0.1. Various other switches and tests show that it doesn't seem to be related to the sorting of the directory names.
>
> So: need more data. Run mountd yourself with the -d option and snag the *complete* output from start, making changes to /etc/exports and HUP'ing it, etc.

I've been working with Tim on this.

I set up a new exports file like yours above:

# cat /etc/exports
# $OpenBSD: exports,v 1.2 2002/05/31 08:15:44 pjanzen Exp $
#
# NFS exports Database
# See exports(5) for more information. Be very careful: misconfiguration
# of this file can result in your filesystems being readable by the world.
/usr/src -mapall=common 127.0.0.1

Then I set up the nfs servers by manually running the daemons:

nas1#portmap mountd -d nfsd -tun4
[1] 13159
[2] 7037
[1] - Done portmap
nas1#Getting export list.
Got line # $OpenBSD: exports,v 1.2 2002/05/31 08:15:44 pjanzen Exp $
Got line #
Got line # NFS exports Database
Got line # See exports(5) for more information. Be very careful: misconfiguration
Got line # of this file can result in your filesystems being readable by the world.
Got line /usr/src -mapall=common 127.0.0.1
Making new ep fs=0x406,0x22b1c3bb
doing opt -mapall=common 127.0.0.1
got host 127.0.0.1
exporting /usr/src
unexporting / /
unexporting /home /home
unexporting /root /root
unexporting /storage /storage
unexporting /tmp /tmp
unexporting /usr /usr
unexporting /var /var
Getting mount list.
Here we go.

I then chmod /usr/src to 777 so that my user common has write permissions there:

#chmod 777 /usr/src

I then mount the export to a local directory:

#mount -t nfs 127.0.0.1:/usr/src /mnt/test

And mountd then provides the following output:

Got mount request from 127.0.0.1
rpcpath: /usr/src
# Mount successful for /usr/src by 127.0.0.1.
Got line # $OpenBSD: exports,v 1.2 2002/05/31 08:15:44 pjanzen Exp $
Got line #
Got line # NFS exports Database
Got line # See exports(5) for more information. Be very careful: misconfiguration
Got line # of this file can result in your filesystems being readable by the world.
Got line /usr/src -mapall=joe 127.0.0.1
Making new ep fs=0x3,0xd111762b
doing opt -mapall=joe 127.0.0.1
got host 127.0.0.1
exporting /usr/src
unexporting / /
unexporting /home /home
unexporting /usr /usr

From there I can create a test file on the mount point while logged in as root:

nas1#whoami
root
nas1#touch /mnt/test/test.123
nas1#ls -l /mnt/test/test.123
-rw-r--r-- 1 common wsrc 0 Nov 14 12:16 /mnt/test/test.123

The test file is correctly created with owner common as the mapall option directs.

Now the problem kicks in if I edit /etc/exports, change mapall to another user, unmount the export, and HUP mountd:

# $OpenBSD: exports,v 1.2 2002/05/31 08:15:44 pjanzen Exp $
#
# NFS exports Database
# See exports(5) for more information. Be very careful: misconfiguration
# of this file can result in your filesystems being readable by the world.
/usr/src -mapall=maptest 127.0.0.1

nas1#umount /mnt/test
nas1#pkill -HUP mountd
Got line # $OpenBSD: exports,v 1.2 2002/05/31 08:15:44 pjanzen Exp $
Got line #
Got line # NFS exports Database
Got line # See exports(5) for more information. Be very careful: misconfiguration
Got line # of this file can result in your filesystems being readable by the world.
Got line /usr/src -mapall=maptest 127.0.0.1
Making new ep fs=0x406,0x22b1c3bb
doing opt -mapall=maptest 127.0.0.1
got host 127.0.0.1
exporting /usr/src
unexporting / /
unexporting /home /home
unexporting /root /root
unexporting /storage /storage
unexporting /tmp /tmp
unexporting /usr /usr
unexporting /var /var

Then remount the export:

nas1#mount -t nfs 127.0.0.1:/usr/src /mnt/test/
Got mount request from 127.0.0.1
rpcpath: /usr/src
Mount successful for
Re: mountd needs to reboot to change mapall argument
On Wed, Nov 7, 2012 at 5:23 PM, TimH th...@bendtel.net wrote:
> ... using exports file like the following...
>
> /sharedstuff -alldirs -mapall=testuser1 -network=172.20.0 -mask=255.255.255.0
>
> Everything will work as expected at boot time. However if we change the mapall user to something else (say, testuser2), and reload the configuration, the permissions on created files act as if we have not made any changes.

Hmm, it works for me, using an exports of

/usr/src -mapall=guenther 127.0.0.1
/usr/obj -mapall=guenther 127.0.0.1

and switching the -mapall on /usr/src from guenther to otheruser, pkill -HUP mountd, then testing by creating a file in a mode 777 directory on the NFS mount from 127.0.0.1. Various other switches and tests show that it doesn't seem to be related to the sorting of the directory names.

So: need more data. Run mountd yourself with the -d option and snag the *complete* output from start, making changes to /etc/exports and HUP'ing it, etc.

Philip Guenther
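
The test used in this thread (create a file on the NFS mount, then read its owner) can be scripted so that a stale -mapall is caught right after a reload. This is an added example, not code from the thread or from OpenBSD; the function names and the probe file name are made up for illustration, and it assumes the exported directory is writable by the mapped user, as in the mode 777 tests above.

```shell
#!/bin/sh
# Added example: check that a changed -mapall took effect after a mountd reload.

# Print the -mapall user that exports(5) file $1 sets for directory $2.
mapall_user() {
    awk -v dir="$2" '
        $1 ~ /^#/ { next }                          # comment line
        {
            hit = 0
            for (i = 1; i <= NF && $i !~ /^-/; i++) # directories precede options
                if ($i == dir) hit = 1
            if (!hit) next
            for (i = 1; i <= NF; i++)
                if ($i ~ /^-mapall=/) {
                    sub(/^-mapall=/, "", $i)
                    sub(/:.*/, "", $i)              # drop an optional :group list
                    print $i
                    exit
                }
        }' "$1"
}

# Owner column of ls -l, the same evidence used in the thread.
file_owner() {
    ls -ld "$1" | awk '{ print $3 }'
}

# Create a probe file on NFS mount point $3 and compare its owner with the
# -mapall user configured for export $2 in exports file $1.
# Returns 0 = match, 1 = stale or wrong mapping, 2 = no -mapall, 3 = not writable.
check_mapall() {
    want=$(mapall_user "$1" "$2")
    [ -n "$want" ] || return 2
    probe="$3/.mapall-probe.$$"                     # hypothetical probe file name
    touch "$probe" 2>/dev/null || return 3
    got=$(file_owner "$probe")
    rm -f "$probe"
    if [ "$got" != "$want" ]; then
        echo "MISMATCH on $3: exports says $want, files are owned by $got" >&2
        return 1
    fi
    echo "ok: files created on $3 are owned by $want"
}

# Example: sh check_mapall.sh /etc/exports /usr/src /mnt/test
if [ $# -eq 3 ]; then
    check_mapall "$@"
fi
```

A return value of 1 immediately after `pkill -HUP mountd` corresponds to the symptom reported in this thread: the exports file names the new user, but files are still created as the old one.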
mountd needs to reboot to change mapall argument
On a 5.2 system we are using nfsd with the following in rc.conf.local:

portmap_flags=
mountd_flags=
nfsd_flags=-tun 4

using exports file like the following...

/sharedstuff -alldirs -mapall=testuser1 -network=172.20.0 -mask=255.255.255.0

Everything will work as expected at boot time. However if we change the mapall user to something else (say, testuser2), and reload the configuration, the permissions on created files act as if we have not made any changes.

If we do /etc/rc.d/mountd restart, mountd eventually stops running, but no startup takes place. If we verify it isn't running and then /etc/rc.d/mountd start it will come back up, but it still does not use the new -mapall setting. We have to reboot the server for the new -mapall setting to be recognized.

We've tried various things to try to convince mountd to die and start with the new config. If I run mountd -d, it clearly reads the new configuration, but it acts as if the changes had not taken place.

Simple changes seem to work. If we scale back the exports file to something like:

/shared1

And then change it to another directory, a reload command will be enough to use the new setting. So, somehow the user permission change is what it won't take. We tried with -maproot as well. We also tried various other -mapall syntax changes.

Please cc me in any replies, I am not currently on the list.

--TimH

Obligatory dmesg: