Bug#492970: #492970 - nfs-common 1:1.1.3-1 client disallows access to files/directories where it should allow access - Debian Bug report logs

Wed, 15 Oct 2008 13:49:49 -0700 

On Oct 15, 2008, at 12:57 PM, Steve Dickson wrote:

Chuck Lever wrote:
Easy... the mount.nfs subcommand in nfs-utils-1.1.3 switches to legacy mode on old kernels (pre 2.6.23). What I meant by "you need to force the use of the legacy mount command" is that you need to force the use 
of the legacy binary mount interface.
I have tried a legacy FC-5 mount binary (util-linux 2.13-pre7) on both 
a 2.6.21 kernel (FC-7)  and a 2.6.25.14 kernel (F-9) mounting a F-10
server running nfs-utils-1.1.3 with out a problem.



Right, the old mount binaries don't have bcwong's fix, so they are  
not

broken.


The combination you need is an nfs-utils 1.1.3 mount command on an  
old
kernel (or just wire the new mount command to use the legacy  
interface

all the time).

Ok... The client has the nfs-utils-1.1.3 mount.nfs binary using an  
FC-7 (2.6.21) kernel. New text mount interface with old binary  
kernel interface.


I have two servers:

  ServerA has the nfs-utils-1.1.3 rpc.mountd binary using an F-9  
2.6.26 kernel
  ServerB has the nfs-utils-1.1.2 rpc.mountd binary using an F-10  
2.6.27 kernel.



The following mount command work (meaning the mount was successful  
and I'm able to write the mount point):

   mount -o sec=sys ServerA:/home /mnt/home
   mount -o sec=none ServerA:/home /mnt/home
   mount -o sec=sys ServerB:/home /mnt/home

The only mount that didn't work (meaning the actual mount failed) was:
   mount -o sec=none ServerB:/home /mnt/home

Due to the fact the 1.1.2 server failed it with:

mount.nfs: madhat.boston.devel.redhat.com:/home failed, security  
flavor not supported


Which makes sense since this was the reason for bcwong's patch...

So where have I gone wrong in reproducing this?


What happens when you don't specify a sec= option at all?


One oddity the mount binary fails when I used the '-o sec=none' flag
with:
Warning: Unrecognized security flavor none.


Try "null" maybe?

I did... but its probably a red herring at this point...

tia.

steved.



--
Chuck Lever
chuck[dot]lever[at]oracle[dot]com



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]























					Reply via email to