From owner-freebsd-bugs Tue Jun 5 15:40: 8 2001 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 807EB37B405 for ; Tue, 5 Jun 2001 15:40:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.3/8.11.3) id f55Me1g69480; Tue, 5 Jun 2001 15:40:01 -0700 (PDT) (envelope-from gnats) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id C615137B403 for ; Tue, 5 Jun 2001 15:35:40 -0700 (PDT) (envelope-from nobody@FreeBSD.org) Received: (from nobody@localhost) by freefall.freebsd.org (8.11.3/8.11.3) id f55MZel67387; Tue, 5 Jun 2001 15:35:40 -0700 (PDT) (envelope-from nobody) Message-Id: <200106052235.f55MZel67387@freefall.freebsd.org> Date: Tue, 5 Jun 2001 15:35:40 -0700 (PDT) From: sbotsford@yottayotta.com To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-1.0 Subject: misc/27896: Error in /etc/exports invalidates entire line, not just single host. Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 27896 >Category: misc >Synopsis: Error in /etc/exports invalidates entire line, not just single host. >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Tue Jun 05 15:40:01 PDT 2001 >Closed-Date: >Last-Modified: >Originator: Sherwood Botsford >Release: 4.2 >Organization: Yotta Yotta Inc >Environment: FreeBSD rhea.edmonton.yottayotta.com 4.2-RELEASE FreeBSD 4.2-RELEASE #0: Mon Mar 5 11:09:22 MST 2001 root@rhea.edmonton.yottayotta.com:/usr/src/sys/compile/RHEA-EXP1 i386 >Description: if a host is defined as part of a netgroup, and is mentioned explicitly for another line for the same file system, but with different privledges, then the entire line is invalidated. >How-To-Repeat: Consider: lindesk is the netgroup containing dumpling, croisant, and biscuit. linserve is the netgroup containing smaug, balrog, and gollum explorer is a linux desktop box used for administration. Rhea has the following exports file: /nfs/home -maproot=nobody lindesk /nfs/home -maproot=root explorer linserve This works. Now add explorer to the lindesk group. Foof! linserve can no longer mount /nfs/home. This is counter intuitive. especially, as writting the above line as two lines would localize the problem to explorer. >Fix: Workaround 1. Write lines with a single entry per client entity (host or netgroup) Wishes: 0. If a host causes a problem in a line, then it should affect that host not the whole line: E.g: /nfs/home/ -maproot=root foo bar should be equivalent in behaviour to /nfs/home/ -maproot=root foo /nfs/home/ -maproot=root bar 1. Flag for mountd to test the validity of exports file. E.g. mountd -v /nfs/home foo.bar.com Mount suceeds with privleges root=nobody -- line 27 mound -v /nfs/home explorer.bar.com Mount fails -- host is twice referenced line 26 and 40. 2. Have a mountd flag so that if a host is doubly referenced, it gets the more restrictive set of privleges, OR it gets the first set of privleges. (along with a log message.) OR if a host is mentioned explicity and is in a netgroup, then then explicit reference takes priority. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message