NFS and -maproot in OpenBSD 4.3

Tue, 01 Jul 2008 08:15:51 -0700 

Hello,

I'm having some permissions problems with NFS; it seems I only get access
as nobody on the server. (The exports(5) man page indeed suggests little
access by default, but it seems I can't get -maproot or -mapall to
override this.)

The same problem seems to have been reported before:
http://kerneltrap.org/mailarchive/openbsd-misc/2007/10/19/348580

Both the server and client run the OpenBSD 4.3 release.

My /etc/exports on the server:

  /test -maproot=root <client IP>

On the client:

  $ mount
  /dev/wd0a on / type ffs (local)
  /dev/wd0g on /home type ffs (local, nodev, nosuid)
  /dev/wd0d on /tmp type ffs (local, nodev, nosuid)
  /dev/wd0f on /usr type ffs (local, nodev)
  /dev/wd0e on /var type ffs (local, nodev, nosuid)
  <server IP>:/test on /mnt type nfs (v3, udp, timeo=100)
  $ cd /mnt
  $ ls -al
  total 8
  drwxr-xr-x   2 root  wheel  512 Jul  1 14:52 .
  drwxr-xr-x  15 root  wheel  512 May 21 13:20 ..
  -rw-rw-rw-   1 root  wheel    0 Jul  1 14:55 bar
  -rw-------   1 root  wheel    0 Jul  1 14:52 foo
  -rw-rw----   1 root  wheel    0 Jul  1 14:52 foobar
  $ touch bar
  $ touch foo
  touch: foo: Permission denied
  $ touch foobar
  touch: foobar: Permission denied
  $ less foobar
  foobar: Permission denied

I didn't get -mapall=root to work, either.

That said, it works as expected if I do a local NFS mount of the directory
on the server itself (but in that case it works without -maproot or
-mapall in any case).

I didn't find any entries in /var/log/*. The only debug data I can recall
is like the following, and I'm not sure it's relevant:

  $ mountd -d
  Getting export list.
  Got line #      $OpenBSD: exports,v 1.2 2002/05/31 08:15:44 pjanzen Exp $
  Got line #
  Got line # NFS exports Database
  Got line # See exports(5) for more information.  Be very careful: 
misconfiguration
  Got line # of this file can result in your filesystems being readable by
the world.
  Got line /test -mapall=root <client IP>
  Making new ep fs=0x0,0x12138a2
  doing opt -mapall=root <client IP>
  got host <client IP>
  exporting /test
  unexporting / /
  unexporting /home /home
  unexporting /tmp /tmp
  unexporting /usr /usr
  unexporting /var /var
  Getting mount list.
  Here we go.
  Got mount request from <client IP>
  rpcpath: /test
  Mount successful for /test by <client IP>.

Any ideas on how to solve or debug this? Thanks.

Kind regards,
David Vuorio

Reply via email to