** Changed in: nfs-utils (Ubuntu Xenial)
Status: Confirmed => In Progress
** Changed in: nfs-utils (Ubuntu Bionic)
Status: Confirmed => In Progress
** Changed in: nfs-utils (Ubuntu Cosmic)
Status: Confirmed => In Progress
** Description changed:
- In /etc/default/nfs-kernel-server you can specify parameters for
- rpc.svcgssd:
+ [Impact]
+
+ * An explanation of the effects of the bug on users and
+
+ * justification for backporting the fix to the stable release.
+
+ * In addition, it is helpful, but not required, to include an
+ explanation of how the upload fixes this bug.
+
+ [Test Case]
+ * install nfs-server and a kerberos server. Use "EXAMPLE.LOCAL" for the
realm, and "localhost" for the servers, when prompted:
+ sudo apt install nfs-server krb5-kdc krb5-user krb5-admin-server
+
+ * create the EXAMPLE.LOCAL realm. Use any password you want for the database
master key, it won't be requested again:
+ sudo krb5_newrealm
+
+ * create a principal for the nfs service:
+ sudo kadmin.local -q "addprinc -randkey nfs/$(hostname -f)"
+
+ * extract the key into the system wide keytab:
+ sudo kadmin.local -q "ktadd -k /etc/krb5.keytab nfs/$(hostname -f)"
+
+ * edit /etc/default/nfs-common and enable gssd:
+ NEED_GSSD=y
+
+ * edit /etc/default/nfs-kernel-server and add an option to RPCSVCGSSDOPTS:
+ RPCSVCGSSDOPTS="-v"
+
+ * restart nfs-server
+ sudo systemctl restart nfs-server
+
+ * verify if /run/sysconfig/nfs-utils has the option we added above:
+ $ cat /run/sysconfig/nfs-utils
+ PIPEFS_MOUNTPOINT=/run/rpc_pipefs
+ RPCNFSDARGS=" 8"
+ RPCMOUNTDARGS="--manage-gids"
+ STATDARGS=""
+ RPCSVCGSSDARGS="-v"
+
+ * Verify the running rpc.gssd process. Without the fix, it won't have the
"-v" option:
+ ps axw|grep svcgssd|grep -v grep
+ 4285 ? Ss 0:00 /usr/sbin/rpc.svcgssd
+
+ With the fix, right after installing the udpated packages, the option we
added to /etc/default/nfs-kernel-server will show up:
+ ps axw|grep svcgssd|grep -v grep
+ 5656 ? Ss 0:00 /usr/sbin/rpc.svcgssd -v
+
+ [Regression Potential]
+
+ * discussion of how regressions are most likely to manifest as a result
+ of this change.
+
+ * It is assumed that any SRU candidate patch is well-tested before
+ upload and has a low overall risk of regression, but it's important
+ to make the effort to think about what ''could'' happen in the
+ event of a regression.
+
+ * This both shows the SRU team that the risks have been considered,
+ and provides guidance to testers in regression-testing the SRU.
+
+ [Other Info]
+
+ * Anything else you think is useful to include
+ * Anticipate questions from users, SRU, +1 maintenance, security teams and
the Technical Board
+ * and address these questions in advance
+
+ [Original Description]
+ In /etc/default/nfs-kernel-server you can specify parameters for rpc.svcgssd:
# Options for rpc.svcgssd.
RPCSVCGSSDOPTS="-n"
But the variable is named incorrectly in /lib/systemd/system/rpc-
svcgssd.service:
ExecStart=/usr/sbin/rpc.svcgssd $SVCGSSDARGS
** Description changed:
[Impact]
-
- * An explanation of the effects of the bug on users and
-
- * justification for backporting the fix to the stable release.
-
- * In addition, it is helpful, but not required, to include an
- explanation of how the upload fixes this bug.
+ Command line options set for rpc.svcgssd in the
/etc/default/nfs-kernel-server file are not passed on to the service, being
ignored.
[Test Case]
* install nfs-server and a kerberos server. Use "EXAMPLE.LOCAL" for the
realm, and "localhost" for the servers, when prompted:
sudo apt install nfs-server krb5-kdc krb5-user krb5-admin-server
* create the EXAMPLE.LOCAL realm. Use any password you want for the database
master key, it won't be requested again:
sudo krb5_newrealm
* create a principal for the nfs service:
sudo kadmin.local -q "addprinc -randkey nfs/$(hostname -f)"
* extract the key into the system wide keytab:
sudo kadmin.local -q "ktadd -k /etc/krb5.keytab nfs/$(hostname -f)"
* edit /etc/default/nfs-common and enable gssd:
NEED_GSSD=y
* edit /etc/default/nfs-kernel-server and add an option to RPCSVCGSSDOPTS:
RPCSVCGSSDOPTS="-v"
* restart nfs-server
sudo systemctl restart nfs-server
* verify if /run/sysconfig/nfs-utils has the option we added above:
$ cat /run/sysconfig/nfs-utils
PIPEFS_MOUNTPOINT=/run/rpc_pipefs
RPCNFSDARGS=" 8"
RPCMOUNTDARGS="--manage-gids"
STATDARGS=""
RPCSVCGSSDARGS="-v"
* Verify the running rpc.gssd process. Without the fix, it won't have the
"-v" option:
ps axw|grep svcgssd|grep -v grep
- 4285 ? Ss 0:00 /usr/sbin/rpc.svcgssd
+ 4285 ? Ss 0:00 /usr/sbin/rpc.svcgssd
With the fix, right after installing the udpated packages, the option we
added to /etc/default/nfs-kernel-server will show up:
ps axw|grep svcgssd|grep -v grep
- 5656 ? Ss 0:00 /usr/sbin/rpc.svcgssd -v
+ 5656 ? Ss 0:00 /usr/sbin/rpc.svcgssd -v
[Regression Potential]
-
- * discussion of how regressions are most likely to manifest as a result
- of this change.
-
- * It is assumed that any SRU candidate patch is well-tested before
- upload and has a low overall risk of regression, but it's important
- to make the effort to think about what ''could'' happen in the
- event of a regression.
-
- * This both shows the SRU team that the risks have been considered,
- and provides guidance to testers in regression-testing the SRU.
+ This is an old bug and whoever was affected by it probably worked around the
problem by now. I tried to cope with one such scenario by not just renaming the
variable we export, but exporting the correct one in addition to the old
incorrect one, but that's it. I hope this, and the explanation added to the
shell script wrapper nfs-utils.sh, is enough to help people with corner cases.
+ idance to testers in regression-testing the SRU.
[Other Info]
-
- * Anything else you think is useful to include
- * Anticipate questions from users, SRU, +1 maintenance, security teams and
the Technical Board
- * and address these questions in advance
+ This patch was accepted in debian:
https://salsa.debian.org/debian/nfs-utils/merge_requests/2
[Original Description]
In /etc/default/nfs-kernel-server you can specify parameters for rpc.svcgssd:
# Options for rpc.svcgssd.
RPCSVCGSSDOPTS="-n"
But the variable is named incorrectly in /lib/systemd/system/rpc-
svcgssd.service:
ExecStart=/usr/sbin/rpc.svcgssd $SVCGSSDARGS
--
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1616123
Title:
rpc-svcgssd.service uses incorrrect variable SVCGSSDARGS
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1616123/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
