Date: Thu, 20 Jun 2019 18:45:48 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 238725] Severe NFS exports(5) -maproot regression for :group definition Message-ID: <bug-238725-227@https.bugs.freebsd.org/bugzilla/>
index | next in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238725 Bug ID: 238725 Summary: Severe NFS exports(5) -maproot regression for :group definition Product: Base System Version: 12.0-STABLE Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: bugzilla.freebsd@omnilan.de Hello, I've been using semi-sophisticated exports(5), last adjusted with FreeBSD-9 and reused sucessfully on FreeBSD-10+11. Recently I upgraded one machine From FreeBSD-11 to FreeBSD-12-stable and now the ":group" definition of -maproot= in exports(5) has no effect anymore. Here are the relevant infos for reproduction (NFSv4): /zfs/netshares/deployment -ro -maproot=65534:65533 -network 192.0.2.0/24 getent passwd 65534 nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin getent group 65534 nobody:*:65534 This is verified to be identical on the 11 and 12 servers! On the NFS server, cd into /zfs/netshares/deploymemt and: mkdir test && touch test/testfile setfacl -b test && chown root:nogroup test && chmod 750 test On the client, issue as root: ls /$nfsservermounpoint/zfs/netshares/deployment/test Clients mounting from FreeBSD-12 tell "ls: .../deployment/test: Permission denied" Clients mounting from FreeBSD-11 list the "testfile". The -maproot=user part works, but not the :group anymore. This is also falsified using nfsv3 (with ESXi client). Hope somebody has an idea which change could be the culprit. Needless to say that this was really unexpected and badly breaks a lot of things. Thanks, -harry -- You are receiving this mail because: You are the assignee for the bug.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-238725-227>