From owner-freebsd-stable@FreeBSD.ORG Fri Feb 19 18:11:39 2010 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 626841065672 for ; Fri, 19 Feb 2010 18:11:39 +0000 (UTC) (envelope-from mamalos@eng.auth.gr) Received: from vergina.eng.auth.gr (vergina.eng.auth.gr [155.207.18.1]) by mx1.freebsd.org (Postfix) with ESMTP id CFA248FC0C for ; Fri, 19 Feb 2010 18:11:38 +0000 (UTC) Received: from mamalacation.ee.auth.gr (mamalacation.ee.auth.gr [155.207.33.29]) by vergina.eng.auth.gr (8.14.3/8.14.1) with ESMTP id o1JIBbBh022896; Fri, 19 Feb 2010 20:11:37 +0200 (EET) (envelope-from mamalos@eng.auth.gr) Message-ID: <4B7ED454.3020404@eng.auth.gr> Date: Fri, 19 Feb 2010 20:11:32 +0200 From: George Mamalakis User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.9.1.5) Gecko/20100115 Thunderbird/3.0 MIME-Version: 1.0 To: Rick Macklem References: <4B7EB1E5.3080907@eng.auth.gr> In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-stable Subject: Re: mountd segfaults in NFSv4 if -alldirs is present in exports X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Feb 2010 18:11:39 -0000 On 19/02/2010 18:24, Rick Macklem wrote: > > > On Fri, 19 Feb 2010, George Mamalakis wrote: > >> Hi all, >> >> the title explains it all... >> >> But ok, let's be a bit more extensive. >> >> If I have one line in /etc/exports reading: >> >> V4: / -alldirs >> >> and try to start mountd, it segfaults with signal 11. From the >> manpage I read that -alldirs is the "second method" used to export a >> filesystem and V4 is the "third", maybe implying that they are >> mutually exclusive. Nevertheless, I suppose that mountd shouldn't >> segfault in my case, it could just refuse to start giving an error >> message or something. I've tried a different /etc/exports containing >> a dummy option -dummy instead of -alldirs and mountd won't segfault, >> hence there's no problem with its parser. >> > The "V4:" line does not export a file system. It only specifies where > the "root" is for NFSv4 and what clients/security flavours are supported > for the NFSv4 lock state Ops that aren't associated with any file handle > is. (There can be multiple V4: lines for different hosts, but they should > differ in their "-sec" specification and only that.) The file systems > must still be exported by separate lines, just like NFSv2,3. > > It happens that "-alldirs" always applies to NFSv4, since it does > not use the Mount protocol and can mount anything under the "root" > that has been exported. > > As such, "-sec" plus the ones related to specifying host(s) > "-network, -mask" are the only ones that should be in the "V4:" > line(s). > > But, of course it shouldn't segfault. I'll put that on my to do > list. > > Thanks for reporting it, rick > Yes Rick, I understood that there was something wrong with my syntax but I wouldn't expect a segfault, as you already have stated :). Moreover, this is the problem that I was facing in one of my previous emails with the title "Kerberized NFSv3 incorrect behavior". In my last email to you I was claiming that mountd segfaults when both NFSD and KGSSAPI (along with device crypto) exist in the kernel config file. You replied to me that you would have it fixed. Now I understood that the problem had nothing to do with KGSSAPI, my problem was my /etc/exports file that contained -alldirs in V4 line. So no need to check if there's a conflict with KGSSAPI, there isn't :). Now, two last questions. question 1) I want to export my /export directory with -sec=krb5 to my clients, and the configuration of my server and client is respectively as follows: - server: /etc/exports: V4: / -sec=krb5 /export /etc/rc.conf rpcbind_enable="YES" mountd_flags="-e" nfs_server_enable="YES" nfsv4_server_enable="YES" nfsuserd_enable="YES" gssd_enable="YES" KERNEL: options NFSD options KGSSAPI device crypto -client: rc.conf: gssd_enable="YES" nfsuserd_enable="YES" nfsclient_enable="YES" rpcbind_enable="YES" nfs_client_flags="-n 4" rpc_statd_enable="YES" rpc_lockd_enable="YES" KERNEL: options KGSSAPI device crypto As I said, heimdal seems to work fine, all keytabs are where they should be, and I don't know how to mount the partition to my client. When I run: [root@fbsdclient ~]# mount_newnfs -onfsv4,sec=krb5 filesrv.ee.auth.gr:/export /mnt nfsv4 err=10016 mount_newnfs: /mnt, : Input/output error An I/O error I receive if I use opensolaris as a client. The kdc.log shows that the clients request the nfs server's ticket (2010-02-19T19:56:29 TGS-REQ mamalos@EE.AUTH.GR from IPv4:192.168.100.11 for nfs/filesrv.ee.auth.gr@EE.AUTH.GR), so things should be working that far, but then they refuse to mount the partition. If I export the partition with sec=sys and try to mount it with sec=sys, it works fine. question 2) At the end of nfsv4(4) man page (in the BUGS session) it states: "At this time, there is no recall of delegations for local file system operations. As such, delegations should only be enabled for file systems that are being used soley as NFS export volumes and are not being accessed via local system calls nor services such as Samba." Does this mean that if I manage to export my /home filesystem eventually, and my mailserver copies the emails to my users' maildirs (located in their home folder), or through another nfs mount, or a user is connected to his/her account both through nfsv4 and samba, then there will be a serious problem? Should I setup the nfs server in solaris and use bsd/linux nfs4 clients instead, to be sure that I will have no corrupted filesystems, etc? Have you tried mounting solaris-nfsv4 exported filesystems with the fbsd nfsclient and sec>=krb5? Thanx again for your help and attention. mamalos -- George Mamalakis IT Officer Electrical and Computer Engineer (Aristotle Un. of Thessaloniki), MSc (Imperial College of London) Department of Electrical and Computer Engineering Faculty of Engineering Aristotle University of Thessaloniki phone number : +30 (2310) 994379