[Bug 238725] Severe NFS exports(5) -maproot regression for :group definition
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Thu Jun 20 18:45:50 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238725
Bug ID: 238725
Summary: Severe NFS exports(5) -maproot regression for :group
definition
Product: Base System
Version: 12.0-STABLE
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: bugs at FreeBSD.org
Reporter: bugzilla.freebsd at omnilan.de
Hello,
I've been using semi-sophisticated exports(5), last adjusted with FreeBSD-9 and
reused sucessfully on FreeBSD-10+11.
Recently I upgraded one machine From FreeBSD-11 to FreeBSD-12-stable and now
the ":group" definition of -maproot= in exports(5) has no effect anymore.
Here are the relevant infos for reproduction (NFSv4):
/zfs/netshares/deployment -ro -maproot=65534:65533 -network 192.0.2.0/24
getent passwd 65534
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
getent group 65534
nobody:*:65534
This is verified to be identical on the 11 and 12 servers!
On the NFS server, cd into /zfs/netshares/deploymemt and:
mkdir test && touch test/testfile
setfacl -b test && chown root:nogroup test && chmod 750 test
On the client, issue as root: ls
/$nfsservermounpoint/zfs/netshares/deployment/test
Clients mounting from FreeBSD-12 tell "ls: .../deployment/test: Permission
denied"
Clients mounting from FreeBSD-11 list the "testfile".
The -maproot=user part works, but not the :group anymore.
This is also falsified using nfsv3 (with ESXi client).
Hope somebody has an idea which change could be the culprit. Needless to say
that this was really unexpected and badly breaks a lot of things.
Thanks,
-harry
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list