Date: Tue, 5 Jun 2001 15:35:40 -0700 (PDT) From: sbotsford@yottayotta.com To: freebsd-gnats-submit@FreeBSD.org Subject: misc/27896: Error in /etc/exports invalidates entire line, not just single host. Message-ID: <200106052235.f55MZel67387@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 27896
>Category: misc
>Synopsis: Error in /etc/exports invalidates entire line, not just single host.
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Jun 05 15:40:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Sherwood Botsford
>Release: 4.2
>Organization:
Yotta Yotta Inc
>Environment:
FreeBSD rhea.edmonton.yottayotta.com 4.2-RELEASE FreeBSD 4.2-RELEASE #0: Mon Mar 5 11:09:22 MST 2001 root@rhea.edmonton.yottayotta.com:/usr/src/sys/compile/RHEA-EXP1 i386
>Description:
if a host is defined as part of a netgroup, and is mentioned explicitly
for another line for the same file system, but with different privledges,
then the entire line is invalidated.
>How-To-Repeat:
Consider:
lindesk is the netgroup containing dumpling, croisant, and biscuit.
linserve is the netgroup containing smaug, balrog, and gollum
explorer is a linux desktop box used for administration.
Rhea has the following exports file:
/nfs/home -maproot=nobody lindesk
/nfs/home -maproot=root explorer linserve
This works.
Now add explorer to the lindesk group.
Foof! linserve can no longer mount /nfs/home. This is counter intuitive.
especially, as writting the above line as two lines would
localize the problem to explorer.
>Fix:
Workaround
1. Write lines with a single entry per client entity (host or netgroup)
Wishes:
0. If a host causes a problem in a line, then it should affect that
host not the whole line: E.g:
/nfs/home/ -maproot=root foo bar
should be equivalent in behaviour to
/nfs/home/ -maproot=root foo
/nfs/home/ -maproot=root bar
1. Flag for mountd to test the validity of exports file.
E.g. mountd -v /nfs/home foo.bar.com
Mount suceeds with privleges root=nobody -- line 27
mound -v /nfs/home explorer.bar.com
Mount fails -- host is twice referenced line 26 and 40.
2. Have a mountd flag so that if a host is doubly referenced, it
gets the more restrictive set of privleges, OR it gets the first set
of privleges. (along with a log message.) OR if a host is mentioned
explicity and is in a netgroup, then then explicit reference takes
priority.
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200106052235.f55MZel67387>