[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#601550: marked as done ([nfs-kernel-server] Root is always squashed when using sec=gss/krb5)



Your message dated Sat, 14 Sep 2024 09:44:32 +0200 (CEST)
with message-id <20240914074432.937BFBE2DE0@eldamar.lan>
and subject line Closing this bug (BTS maintenance for src:linux bugs)
has caused the Debian Bug report #601550,
regarding [nfs-kernel-server] Root is always squashed when using sec=gss/krb5
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
601550: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601550
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: nfs-kernel-server
Version: 1:1.1.2-6lenny2
Severity: normal

--- Please enter the report below this line. ---
I have a NFSv4 server exports configured as follows:
/export       
gss/krb5(rw,fsid=0,insecure,no_root_squash,no_subtree_check,async)
/export/users 
gss/krb5(rw,nohide,insecure,no_root_squash,no_subtree_check,async)

On the other side I have clients with autofs configration like:
*       -fstype=nfs4,rw,soft,intr,bg,nosuid,nodev,sec=krb5,port=2049,proto=tcp  
nfs.mydomain.cz:/users/&

Everythink works great for regular users but when root is always squashed even 
when I set no_root_squash. I tried a configuration without kerberos and it 
worked as expected (I just removed gss/krb5 and sec=krb5 from configurations). 
Using kerberos root is always mapped to nobody:nogroup. Output from idmapd:

root@server# rpc.idmapd -c /etc/idmapd.conf -f -vvv
rpc.idmapd: libnfsidmap: using domain: localdomain

rpc.idmapd: libnfsidmap: using translation method: nsswitch

rpc.idmapd: Expiration time is 600 seconds.
rpc.idmapd: Opened /proc/net/rpc/nfs4.nametoid/channel
rpc.idmapd: Opened /proc/net/rpc/nfs4.idtoname/channel
rpc.idmapd: nfsdcb: authbuf=gss/krb5 authtype=user
rpc.idmapd:  Server: (user) id "0" -> name "root@localdomain"
rpc.idmapd: nfsdcb: authbuf=gss/krb5 authtype=group
rpc.idmapd:  Server: (group) id "0" -> name "root@localdomain"
rpc.idmapd: nfsdcb: authbuf=gss/krb5 authtype=user
rpc.idmapd:  Server: (user) id "2000" -> name "ares@localdomain"
rpc.idmapd: nfsdcb: authbuf=gss/krb5 authtype=group
rpc.idmapd:  Server: (group) id "2000" -> name "ares@localdomain"

--- System information. ---
Debian Release: 5.0.6
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-xen-amd64 (SMP w/1 CPU core)
Locale: LANG=cs_CZ.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8) (ignored: 
LC_ALL set to cs_CZ.UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages nfs-kernel-server depends on:
ii  libblkid1       1.41.3-1                 block device id library
ii  libc6           2.7-18lenny6             GNU C Library: Shared libraries
ii  libcomerr2      1.41.3-1                 common error description library
ii  libgssglue1     0.1-2                    mechanism-switch gssapi library
ii  libkrb53        1.6.dfsg.4~beta1-5lenny4 MIT Kerberos runtime libraries
ii  libnfsidmap2    0.20-1                   An nfs idmapping library
ii  librpcsecgss3   0.18-1                   allows secure rpc communication 
us
ii  libwrap0        7.6.q-16                 Wietse Venema's TCP wrappers 
libra
ii  lsb-base        3.2-20                   Linux Standard Base 3.2 init 
scrip
ii  nfs-common      1:1.1.2-6lenny2          NFS support files common to client
ii  ucf             3.0016                   Update Configuration File: preserv

nfs-kernel-server recommends no packages.

nfs-kernel-server suggests no packages.







--- End Message ---
--- Begin Message ---
Hi

[This reply and bug closer is sent for doing BTS maintenance for
src:nfs-utils bugs]

This bug was reported against a very old nfs-utils version without much
followups/triaging itself.

If you can reproduce it with the current version in unstable/testing or
stable at least, please reopen the bug,
https://www.debian.org/Bugs/server-control for details.

Regards,
Salvatore

--- End Message ---

Reply to: