Public bug reported:
In a previous Ubuntu upgrade to 13.10, there was a problem with AUTH_GSS
timeouts on NFS v3 mount attempts slowing down NFSv3 mounting. Several
workarounds existed, one of which was to explicitly list "sec=sys" as an
/etc/fstab mount option.
The NFS server in this case is a NetGear ReadyNAS PRO running Debian,
kernel: 2.6.37.6.RNx86_64.2.4 The NFS server is not involved in this
problem, it is purely client side. changing squash settings on the
server side was tested and had no impact on the problem.
It appears there is a kernel fix somewhere around 3.12.7-2 for the
original AUTH_GSS timeout problem causing the workaround.
On upgrade from from 13.04 to 13.10, NFSv3 mounts stop working if
sec=sys is specified in /etc/fstab.
Specifically, the mount works, but access to files receive client side
permission denial. Investigation showed that if the directory was
mounted 777 and a test file was created, then the file had uid/gid
nobody/nogroup instead of the expected client side UID/GID.
wireshark clearly showed that with sec=sys on the fstab options, the RPC
credentials were AUTH_NULL. If sec=sys is removed from the fstab
options, then RPC credentials are now AUTH_UNIX.
Repeat by:
- create /c/tmp directory mode 777 on NFS file server where /etc/passwd & group
are coordinated with the client
- export /c/tmp as insecure,insecure_locks,rw,sync
- add directory to /etc/fstab, options auto,sec=sys,nfsvers=3:
nas:/c/tmp /mnt nfs auto,sec=sys,nfsvers=3 0 0
- execute the following while conducting dumpcap:
sudo mount /mnt
touch /mnt/test
ls -l /mnt/test
- observe file is nobody/nogroup
- observe RPC credentials are AUTH_NULL in wireshark
- remove sys=sec from fstab and repeat above.
- result will be correct uid/gid & RPC credentials of AUTH_UNIX
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: nfs-common 1:1.2.8-6ubuntu1
ProcVersionSignature: Ubuntu 3.13.0-24.46-generic 3.13.9
Uname: Linux 3.13.0-24-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.14.1-0ubuntu3
Architecture: amd64
CurrentDesktop: Unity
Date: Sun May 4 21:23:26 2014
InstallationDate: Installed on 2012-11-20 (530 days ago)
InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.5)
SourcePackage: nfs-utils
UpgradeStatus: Upgraded to trusty on 2014-04-19 (15 days ago)
** Affects: nfs-utils (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug trusty
** Description changed:
In a previous Ubuntu upgrade to 13.10, there was a problem with AUTH_GSS
timeouts on NFS v3 mount attempts slowing down NFSv3 mounting. Several
workarounds existed, one of which was to explicitly list "sec=sys" as an
/etc/fstab mount option.
The NFS server in this case is a NetGear ReadyNAS PRO running Debian,
kernel: 2.6.37.6.RNx86_64.2.4 The NFS server is not involved in this
- problem, it is purely client side.
+ problem, it is purely client side. changing squash settings on the
+ server side was tested and had no impact on the problem.
It appears there is a kernel fix somewhere around 3.12.7-2 for the
original AUTH_GSS timeout problem causing the workaround.
On upgrade from from 13.04 to 13.10, NFSv3 mounts stop working if
sec=sys is specified in /etc/fstab.
Specifically, the mount works, but access to files receive client side
permission denial. Investigation showed that if the directory was
mounted 777 and a test file was created, then the file had uid/gid
nobody/nogroup instead of the expected client side UID/GID.
wireshark clearly showed that with sec=sys on the fstab options, the RPC
credentials were AUTH_NULL. If sec=sys is removed from the fstab
options, then RPC credentials are now AUTH_UNIX.
- Repeat by:
+ Repeat by:
- create /c/tmp directory mode 777 on NFS file server where /etc/password &
groups are coordinated with the client
- - export /c/tmp as insecure,insecure_locks,rw,async
+ - export /c/tmp as insecure,insecure_locks,rw,sync
- add directory to /etc/fstab, options auto,sec=sys,nfsvers=3:
- nas:/c/tmp /mnt nfs auto,sec=sys,nfsvers=3 0 0
+ nas:/c/tmp /mnt nfs auto,sec=sys,nfsvers=3 0 0
- execute the following while conducting dumpcap:
- sudo mount /mnt
- touch /mnt/test
- ls -l /mnt/test
- - observe file is nobody/nogroup
+ sudo mount /mnt
+ touch /mnt/test
+ ls -l /mnt/test
+ - observe file is nobody/nogroup
- observe RPC credentials are AUTH_NULL in wireshark
- - remove sys=sec from fstab and repeat above.
+ - remove sys=sec from fstab and repeat above.
- result will be correct uid/gid & RPC credentials of AUTH_UNIX
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: nfs-common 1:1.2.8-6ubuntu1
ProcVersionSignature: Ubuntu 3.13.0-24.46-generic 3.13.9
Uname: Linux 3.13.0-24-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.14.1-0ubuntu3
Architecture: amd64
CurrentDesktop: Unity
Date: Sun May 4 21:23:26 2014
InstallationDate: Installed on 2012-11-20 (530 days ago)
InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.5)
SourcePackage: nfs-utils
UpgradeStatus: Upgraded to trusty on 2014-04-19 (15 days ago)
** Description changed:
In a previous Ubuntu upgrade to 13.10, there was a problem with AUTH_GSS
timeouts on NFS v3 mount attempts slowing down NFSv3 mounting. Several
workarounds existed, one of which was to explicitly list "sec=sys" as an
/etc/fstab mount option.
The NFS server in this case is a NetGear ReadyNAS PRO running Debian,
kernel: 2.6.37.6.RNx86_64.2.4 The NFS server is not involved in this
problem, it is purely client side. changing squash settings on the
server side was tested and had no impact on the problem.
It appears there is a kernel fix somewhere around 3.12.7-2 for the
original AUTH_GSS timeout problem causing the workaround.
On upgrade from from 13.04 to 13.10, NFSv3 mounts stop working if
sec=sys is specified in /etc/fstab.
Specifically, the mount works, but access to files receive client side
permission denial. Investigation showed that if the directory was
mounted 777 and a test file was created, then the file had uid/gid
nobody/nogroup instead of the expected client side UID/GID.
wireshark clearly showed that with sec=sys on the fstab options, the RPC
credentials were AUTH_NULL. If sec=sys is removed from the fstab
options, then RPC credentials are now AUTH_UNIX.
Repeat by:
- - create /c/tmp directory mode 777 on NFS file server where /etc/password &
groups are coordinated with the client
+ - create /c/tmp directory mode 777 on NFS file server where /etc/passwd &
group are coordinated with the client
- export /c/tmp as insecure,insecure_locks,rw,sync
- add directory to /etc/fstab, options auto,sec=sys,nfsvers=3:
nas:/c/tmp /mnt nfs auto,sec=sys,nfsvers=3 0 0
- execute the following while conducting dumpcap:
sudo mount /mnt
touch /mnt/test
ls -l /mnt/test
- observe file is nobody/nogroup
- observe RPC credentials are AUTH_NULL in wireshark
- remove sys=sec from fstab and repeat above.
- result will be correct uid/gid & RPC credentials of AUTH_UNIX
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: nfs-common 1:1.2.8-6ubuntu1
ProcVersionSignature: Ubuntu 3.13.0-24.46-generic 3.13.9
Uname: Linux 3.13.0-24-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.14.1-0ubuntu3
Architecture: amd64
CurrentDesktop: Unity
Date: Sun May 4 21:23:26 2014
InstallationDate: Installed on 2012-11-20 (530 days ago)
InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.5)
SourcePackage: nfs-utils
UpgradeStatus: Upgraded to trusty on 2014-04-19 (15 days ago)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1315974
Title:
NFS v3 fstab option sec=sys results in RPC AUTH_NULL credentials
instead of expected AUTH_UNIX
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1315974/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
