Bug#850713: linux-image-4.8.0-0.bpo.2-amd64: can't mount NFS shares via nfs referrals

To: Ben Hutchings <ben@decadent.org.uk>, <850713@bugs.debian.org>, Jörg Höhle <hoehle@uni-mainz.de>
Subject: Bug#850713: linux-image-4.8.0-0.bpo.2-amd64: can't mount NFS shares via nfs referrals
From: Christoph Martin <martin@uni-mainz.de>
Date: Fri, 13 Jan 2017 17:42:56 +0100
Message-id: <[🔎] 050869ba-0ba3-5a8f-b3db-0515634a8a36@uni-mainz.de>
Reply-to: Christoph Martin <martin@uni-mainz.de>, 850713@bugs.debian.org
In-reply-to: <[🔎] 508cc2b1-0aa1-a390-49d2-452342f0aef3@uni-mainz.de>
References: <[🔎] 3654f1ee-a35d-685e-6428-70db82e8b27d@uni-mainz.de> <[🔎] 1483979321.3983.134.camel@decadent.org.uk> <[🔎] 508cc2b1-0aa1-a390-49d2-452342f0aef3@uni-mainz.de>

Hi Ben,

Am 10.01.2017 um 15:27 schrieb Christoph Martin:

>>
>> What does the client see as being the user-owner of the group
>> directories?
> 
> An example mount is:
> 
> fsgroups.zdv.uni-mainz.de:/groups70       2,7T    2,3T  389G   86%
> /uni-mainz.de/groups/70
> 
> On a 4.7 kernel where the mount is working an ls -ld looks like:
> 
> dr-xr-xr-x 34 root root 4096 Aug  4 16:40 /uni-mainz.de/groups/70
> 
> But these must not be the effective permissions since the volumes might
> have security style ntfs. Then the directory has ntfs acls which you
> would not see via nfs from linux.
> 
> (This is why programs which try to interpret unix permissions bits
> instead of using the access system call might give errors.)

Attached is a tcpdump of the interaction between the client 10.94.27.15,
the NFS referral server 10.94.23.116, the server where the mount
succeeded with user acls 10.94.23.112 and the server where the groupdir
mount failed 10.94.23.54.

On the client I did the following:

root# mount -t nfs -o vers=4.1,proto=tcp nfsrefer:/ /mnt

martin# ls -ld /mnt/homes/martin/
drwx--x--x 207 martin zdv-ma 49152 Jan 13 16:23 /mnt/homes/martin/

martin# ls -l /mnt/groups/70/
ls: cannot access /mnt/groups/70: No such file or directory

-

The second dump was made on the linux-4.7 kernel where it still worked.

-

We are still working on the kernel with the reverse patch.

Christoph

-- 
============================================================================
Christoph Martin, Leiter Unix-Systeme
Zentrum für Datenverarbeitung, Uni-Mainz, Germany
 Anselm Franz von Bentzel-Weg 12, 55128 Mainz
 Telefon: +49(6131)3926337
 Instant-Messaging: Jabber: martin@uni-mainz.de
  (Siehe http://www.zdv.uni-mainz.de/4010.php)

Attachment: linux-4.8-nfsrefer.dump.pcap
Description: application/vnd.tcpdump.pcap

Attachment: linux-4.7-nfsrefer.dump.pcap
Description: application/vnd.tcpdump.pcap

begin:vcard
fn:Christoph Martin
n:Martin;Christoph
org;quoted-printable;quoted-printable:Johannes Gutenberg-Universit=C3=A4t Mainz;Zentrum f=C3=BCr Datenverarbeitung
adr:;;Anselm Franz von Bentzel-Weg 12;Mainz;Rheinland-Pfalz;55128;Germany
email;internet:martin@uni-mainz.de
title:Leiter Unix-Systeme
tel;work:+49-6131-3926337
tel;fax:+49-6131-3926407
tel;cell:+49-179-7952652
x-mozilla-html:FALSE
version:2.1
end:vcard

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Bug#850713: linux-image-4.8.0-0.bpo.2-amd64: can't mount NFS shares via nfs referrals
  - From: Christoph Martin <martin@uni-mainz.de>

References:
- Bug#850713: linux-image-4.8.0-0.bpo.2-amd64: can't mount NFS shares via nfs referrals
  - From: Christoph Martin <martin@uni-mainz.de>
- Bug#850713: linux-image-4.8.0-0.bpo.2-amd64: can't mount NFS shares via nfs referrals
  - From: Ben Hutchings <ben@decadent.org.uk>
- Bug#850713: linux-image-4.8.0-0.bpo.2-amd64: can't mount NFS shares via nfs referrals
  - From: Christoph Martin <martin@uni-mainz.de>

Prev by Date: linux-signed_4_multi.changes is NEW
Next by Date: Processing of linux-latest_78_multi.changes
Previous by thread: Bug#850713: linux-image-4.8.0-0.bpo.2-amd64: can't mount NFS shares via nfs referrals
Next by thread: Bug#850713: linux-image-4.8.0-0.bpo.2-amd64: can't mount NFS shares via nfs referrals
Index(es):
- Date
- Thread