https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238725
Bug ID: 238725
Summary: Severe NFS exports(5) -maproot regression for :group
definition
Product: Base System
Version: 12.0-STABLE
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: b...@freebsd.org
Reporter: bugzilla.free...@omnilan.de
Hello,
I've been using semi-sophisticated exports(5), last adjusted with FreeBSD-9 and
reused sucessfully on FreeBSD-10+11.
Recently I upgraded one machine From FreeBSD-11 to FreeBSD-12-stable and now
the ":group" definition of -maproot= in exports(5) has no effect anymore.
Here are the relevant infos for reproduction (NFSv4):
/zfs/netshares/deployment -ro -maproot=65534:65533 -network 192.0.2.0/24
getent passwd 65534
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
getent group 65534
nobody:*:65534
This is verified to be identical on the 11 and 12 servers!
On the NFS server, cd into /zfs/netshares/deploymemt and:
mkdir test && touch test/testfile
setfacl -b test && chown root:nogroup test && chmod 750 test
On the client, issue as root: ls
/$nfsservermounpoint/zfs/netshares/deployment/test
Clients mounting from FreeBSD-12 tell "ls: .../deployment/test: Permission
denied"
Clients mounting from FreeBSD-11 list the "testfile".
The -maproot=user part works, but not the :group anymore.
This is also falsified using nfsv3 (with ESXi client).
Hope somebody has an idea which change could be the culprit. Needless to say
that this was really unexpected and badly breaks a lot of things.
Thanks,
-harry
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
freebsd-bugs@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
