[Bug 1315974] Re: NFS v3 fstab option sec=sys results in RPC AUTH_NULL credentials instead of expected AUTH_UNIX

Eric Carroll 1315974 at bugs.launchpad.net
Mon May 5 02:04:54 UTC 2014 

** Description changed:

- In a previous Ubuntu upgrade to 13.10, there was a problem with AUTH_GSS
+ In a previous Ubuntu upgrade to 13.10, there was a problem with rpc.gssd
  timeouts on NFS v3 mount attempts slowing down NFSv3 mounting. Several
  workarounds existed, one of which was to explicitly list "sec=sys" as an
  /etc/fstab mount option.
  
  The NFS server in this case is a NetGear ReadyNAS PRO running Debian,
  kernel: 2.6.37.6.RNx86_64.2.4 The NFS server is not involved in this
  problem, it is purely client side. changing squash settings on the
  server side was tested and had no impact on the problem.
  
- It appears there is a kernel fix somewhere around 3.12.7-2 for the
- original AUTH_GSS timeout problem causing the workaround.
- 
- On upgrade from from 13.04 to 13.10, NFSv3 mounts stop working if
+ On upgrade from from 13.10 to 14.04, NFSv3 mounts stop working if
  sec=sys is specified in /etc/fstab.
  
  Specifically, the mount works, but access to files receive client side
  permission denial. Investigation showed that if the directory was
  mounted 777 and a test file was created, then the file had uid/gid
  nobody/nogroup instead of the expected client side UID/GID.
  
  wireshark clearly showed that with sec=sys on the fstab options, the RPC
  credentials were AUTH_NULL. If sec=sys is removed from the fstab
  options, then RPC credentials are now AUTH_UNIX.
  
  Repeat by:
  - create /c/tmp directory mode 777 on NFS file server where /etc/passwd & group are coordinated with the client
  - export /c/tmp as insecure,insecure_locks,rw,sync
  - add directory to /etc/fstab, options auto,sec=sys,nfsvers=3:
    nas:/c/tmp /mnt nfs  auto,sec=sys,nfsvers=3 0 0
  - execute the following while conducting dumpcap:
    sudo mount /mnt
    touch /mnt/test
    ls -l /mnt/test
  - observe file is nobody/nogroup
  - observe RPC credentials are AUTH_NULL in wireshark
  - remove sys=sec from fstab and repeat above.
  - result will be correct uid/gid & RPC credentials of AUTH_UNIX
  
  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: nfs-common 1:1.2.8-6ubuntu1
  ProcVersionSignature: Ubuntu 3.13.0-24.46-generic 3.13.9
  Uname: Linux 3.13.0-24-generic x86_64
  NonfreeKernelModules: nvidia
  ApportVersion: 2.14.1-0ubuntu3
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Sun May  4 21:23:26 2014
  InstallationDate: Installed on 2012-11-20 (530 days ago)
  InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.5)
  SourcePackage: nfs-utils
  UpgradeStatus: Upgraded to trusty on 2014-04-19 (15 days ago)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to nfs-utils in Ubuntu.
https://bugs.launchpad.net/bugs/1315974

Title:
  NFS v3 fstab option sec=sys results  in RPC AUTH_NULL credentials
  instead of expected AUTH_UNIX

Status in “nfs-utils” package in Ubuntu:
  New

Bug description:
  In a previous Ubuntu upgrade to 13.10, there was a problem with
  rpc.gssd timeouts on NFS v3 mount attempts slowing down NFSv3
  mounting. Several workarounds existed, one of which was to explicitly
  list "sec=sys" as an /etc/fstab mount option.

  The NFS server in this case is a NetGear ReadyNAS PRO running Debian,
  kernel: 2.6.37.6.RNx86_64.2.4 The NFS server is not involved in this
  problem, it is purely client side. changing squash settings on the
  server side was tested and had no impact on the problem.

  On upgrade from from 13.10 to 14.04, NFSv3 mounts stop working if
  sec=sys is specified in /etc/fstab.

  Specifically, the mount works, but access to files receive client side
  permission denial. Investigation showed that if the directory was
  mounted 777 and a test file was created, then the file had uid/gid
  nobody/nogroup instead of the expected client side UID/GID.

  wireshark clearly showed that with sec=sys on the fstab options, the
  RPC credentials were AUTH_NULL. If sec=sys is removed from the fstab
  options, then RPC credentials are now AUTH_UNIX.

  Repeat by:
  - create /c/tmp directory mode 777 on NFS file server where /etc/passwd & group are coordinated with the client
  - export /c/tmp as insecure,insecure_locks,rw,sync
  - add directory to /etc/fstab, options auto,sec=sys,nfsvers=3:
    nas:/c/tmp /mnt nfs  auto,sec=sys,nfsvers=3 0 0
  - execute the following while conducting dumpcap:
    sudo mount /mnt
    touch /mnt/test
    ls -l /mnt/test
  - observe file is nobody/nogroup
  - observe RPC credentials are AUTH_NULL in wireshark
  - remove sys=sec from fstab and repeat above.
  - result will be correct uid/gid & RPC credentials of AUTH_UNIX

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: nfs-common 1:1.2.8-6ubuntu1
  ProcVersionSignature: Ubuntu 3.13.0-24.46-generic 3.13.9
  Uname: Linux 3.13.0-24-generic x86_64
  NonfreeKernelModules: nvidia
  ApportVersion: 2.14.1-0ubuntu3
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Sun May  4 21:23:26 2014
  InstallationDate: Installed on 2012-11-20 (530 days ago)
  InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.5)
  SourcePackage: nfs-utils
  UpgradeStatus: Upgraded to trusty on 2014-04-19 (15 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1315974/+subscriptions

More information about the foundations-bugs mailing list