On Mon, Oct 14, 2013 at 16:46 +0000, Bruce Fields wrote:
> On Mon, Oct 14, 2013 at 02:16:58AM +0000, Wangminlan wrote:
> > Hi,
> > I’ve got a problem on the nfs exportfs command. I’m not sure if this is the right place to ask this, if not, can you please tell me where?
> >
> > Here’s what I need:
> > 1. I have a folder named /mnt/fs1 to be exported.
> > 2. All the hosts in subnetwork 192.168.0.0/16 should be able to access this folder, but their root should be squashed.
> > 3. Some specified hosts in the same subnetwork can gain the root permission on the folder, for example: 192.168.0.21, 192.168.0.22.
> >
> > I’ve got a SLES11SP1 box as the nfs server, the nfs clients are SLES11SP1, too, and the protocol used between clients and server is NFSv3.
> > Here are the commands I used to do the export:
> > #exportfs -o rw,root_squash 192.168.0.0/16:/mnt/fs1
> > #exportfs -o rw,no_root_squash 192.168.0.21:/mnt/fs1
> > #exportfs -o rw,no_root_squash 192.168.0.22:/mnt/fs1
> > After this, everything works as expected.

After this, the contents of /proc/net/rpc/auth.unix.ip/content and /proc/net/rpc/nfsd.export/content are:

NV200_01:/proc/net/rpc # cat auth.unix.ip/content
#class IP domain
nfsd 192.168.0.21 192.168.0.0/16,192.168.0.21
nfsd 0.0.0.0 -test-client-
# nfsd 100.43.189.1 -no-domain-
NV200_01:/proc/net/rpc # cat nfsd.export/content
#path domain(flags)
/mnt/fs1 -test-client-(rw,no_root_squash,sync,no_wdelay,fsid=0,anonuid=4294967295,anongid=4294967295)
/mnt/fs1 192.168.0.0/16,192.168.0.21(rw,no_root_squash,sync,wdelay,no_subtree_check,uuid=13266f0d:1fbd40d5:b0b5c4fe:cfe104eb)
# /mnt/fs1 192.168.0.0/16,192.168.0.21(rw,no_root_squash,sync,wdelay,no_subtree_check,uuid=13266f0d:1fbd40d5:b0b5c4fe:cfe104eb)

Besides, the content of /var/lib/nfs/etab is:

NV200_01:/proc/net/rpc # cat /var/lib/nfs/etab
/mnt/fs1 192.168.0.22(rw,sync,wdelay,hide,nocrossmnt,secure,no_root_squash,no_all_squash,no_subtree_check,secure_locks,acl,anonuid=65534,anongid=65534)
/mnt/fs1 192.168.0.21(rw,sync,wdelay,hide,nocrossmnt,secure,no_root_squash,no_all_squash,no_subtree_check,secure_locks,acl,anonuid=65534,anongid=65534)
/mnt/fs1 192.168.0.0/16(rw,sync,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,no_subtree_check,secure_locks,acl,anonuid=65534,anongid=65534)

> >
> > But, after the following operations:
> > #exportfs -u 192.168.0.0/16:/mnt/fs1 /* Delete this export */
> > # exportfs -o rw,root_squash 192.168.0.0/16:/mnt/fs1 /* And add it again */
> > Hosts on 192.168.0.21 and 192.168.0.22 don’t get root permission any more. When I tried to write a file, it complains about “Permission denied”.
> >
> > So, does the order of exportfs command have something to do with the final result? Or am I doing something wrong?

After this, the contents of /proc/net/rpc/auth.unix.ip/content and /proc/net/rpc/nfsd.export/content are:

NV200_01:/proc/net/rpc # cat auth.unix.ip/content
#class IP domain
nfsd 192.168.0.21 192.168.0.0/16,192.168.0.21
nfsd 0.0.0.0 -test-client-
# nfsd 100.43.189.1 -no-domain-
NV200_01:/proc/net/rpc # cat nfsd
nfsd nfsd.export/ nfsd.fh/
NV200_01:/proc/net/rpc # cat nfsd
nfsd nfsd.export/ nfsd.fh/
NV200_01:/proc/net/rpc # cat nfsd.export/content
#path domain(flags)
/mnt/fs1 -test-client-(rw,no_root_squash,sync,no_wdelay,fsid=0,anonuid=4294967295,anongid=4294967295)
/mnt/fs1 192.168.0.0/16,192.168.0.21(rw,root_squash,sync,wdelay,no_subtree_check,uuid=13266f0d:1fbd40d5:b0b5c4fe:cfe104eb)

And the content of /var/lib/nfs/etab is:

NV200_01:/proc/net/rpc # cat /var/lib/nfs/etab
/mnt/fs1 192.168.0.0/16(rw,sync,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,no_subtree_check,secure_locks,acl,anonuid=65534,anongid=65534)
/mnt/fs1 192.168.0.22(rw,sync,wdelay,hide,nocrossmnt,secure,no_root_squash,no_all_squash,no_subtree_check,secure_locks,acl,anonuid=65534,anongid=65534)
/mnt/fs1 192.168.0.21(rw,sync,wdelay,hide,nocrossmnt,secure,no_root_squash,no_all_squash,no_subtree_check,secure_locks,acl,anonuid=65534,anongid=65534)

> >
> That sounds like a bug. The contents of /proc/net/rpc/auth.unix.ip/content and /proc/net/rpc/nfsd.export/content after getting the above "permission denied" might be interesting.
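
An added example, not part of the thread or of nfs-utils: a small audit that compares the squash mode in the kernel's nfsd.export cache with the most specific /var/lib/nfs/etab entry named in each cache domain. It assumes the policy the poster expects (a single-host entry should win over a subnet entry); the function names `parse`, `prefixlen` and `audit` are hypothetical, and the sample flag lists are abridged from the output quoted above.

```python
import ipaddress
import re

ENTRY = re.compile(r"^(\S+)\s+(\S+?)\((.*)\)$")  # path, client/domain, flags

def parse(text):
    """Return (path, client_or_domain, flag_set) tuples, skipping '#' lines."""
    rows = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m and not line.lstrip().startswith("#"):
            rows.append((m.group(1), m.group(2), set(m.group(3).split(","))))
    return rows

def prefixlen(spec):
    """Prefix length of a host or CIDR spec, or -1 if it is not an address."""
    try:
        return ipaddress.ip_network(spec, strict=False).prefixlen
    except ValueError:
        return -1

def audit(etab_text, kernel_text):
    """List kernel entries whose squash mode differs from the most specific
    etab entry named in their domain (assumed policy: host beats subnet)."""
    etab = {(p, c): f for p, c, f in parse(etab_text)}
    findings = []
    for path, domain, kflags in parse(kernel_text):
        specs = [s for s in domain.split(",") if (path, s) in etab]
        if not specs:
            continue  # e.g. -test-client-, which has no etab entry
        best = max(specs, key=prefixlen)
        want = "no_root_squash" in etab[(path, best)]
        if want != ("no_root_squash" in kflags):
            findings.append((path, domain, best, "no_root_squash" if want else "root_squash"))
    return findings

# Sample input: flag lists abridged from the output quoted in the thread.
ETAB = """/mnt/fs1 192.168.0.0/16(rw,sync,root_squash)
/mnt/fs1 192.168.0.22(rw,sync,no_root_squash)
/mnt/fs1 192.168.0.21(rw,sync,no_root_squash)"""
KERNEL_BEFORE = """#path domain(flags)
/mnt/fs1 -test-client-(rw,no_root_squash,sync)
/mnt/fs1 192.168.0.0/16,192.168.0.21(rw,no_root_squash,sync)"""
KERNEL_AFTER = KERNEL_BEFORE.replace("21(rw,no_root_squash", "21(rw,root_squash")

if __name__ == "__main__":
    for label, kernel in (("before", KERNEL_BEFORE), ("after", KERNEL_AFTER)):
        print(label, audit(ETAB, kernel))
```

The same comparison also reports the opposite drift, where the cache grants no_root_squash to a client whose most specific etab entry says root_squash.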