Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ZFS NFS sharenfs=on does NOT map root user to nobody by default #9397

Closed
gkeen opened this issue Oct 2, 2019 · 4 comments
Closed

ZFS NFS sharenfs=on does NOT map root user to nobody by default #9397

gkeen opened this issue Oct 2, 2019 · 4 comments
Labels
Component: Share "zfs share" feature

Comments

@gkeen
Copy link

gkeen commented Oct 2, 2019
edited
Loading

I have setup two different systems running Centos 7.7 with zfs 0.7.13-1 and created a filesystem inside a pool then shared it out with set sharenfs=on . When I mount that NFS share on a system( another linux system ) on the same network as root. The root user can create files and directories as root and is not mapped to user nobody.

System information

Type Version/Name
Distribution Name Centos
Distribution Version 7
Linux Kernel 3.10.0-1062.1.1.el7.x86_64
Architecture x86
ZFS Version v0.7.13-1
SPL Version v0.7.13-1

Describe the problem you're observing

Using zfs set sharenfs=on to a zfs filesystem by default does not map root user to user nobody

Describe how to reproduce the problem

Install Centos 7 on any white box. Install zfs version 0.7.13-1. Create a pool of available drives and turn NFS on with no other options using zfs set sharenfs=on <pool/filesystem>. Move to another system that has a NFS client on it. As root user ,mount the newly shared zfs directory. Create a file or directory or both as root. Do a long listing in the directory to discover the owner/group permissions remain root.

Include any warning/errors/backtraces from the system logs
@gkeen gkeen changed the title ZFS NFS sharefs=on does NOT map root user to nobody by default ZFS NFS sharenfs=on does NOT map root user to nobody by default Oct 2, 2019
@gkeen
Copy link
Author

gkeen commented Oct 4, 2019

Well, I did find this, https://zfsonlinux.org/manpages/0.7.13/man8/zfs.8.html This behavior is by default. Aside from all the other implementations of NFS. ZoL is wide open. Seems like a bold move and as history has proven may not be the best.

@behlendorf behlendorf added the Component: Share "zfs share" feature label Oct 4, 2019
behlendorf added a commit to behlendorf/zfs that referenced this issue Oct 7, 2019
@behlendorf
Modify sharenfs=on default behavior
f70285f 
While it may sometimes be convenient to export an NFS filesystem with
no_root_squash it should not be the default behavior.  Align the
default behavior with the Linux NFS server defaults.  To restore
the previous behavior use 'zfs set sharenfs="no_root_squash,..."'.

Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Issue openzfs#9397
@behlendorf behlendorf mentioned this issue Oct 7, 2019
Merged
12 tasks
behlendorf added a commit to behlendorf/zfs that referenced this issue Oct 7, 2019
@behlendorf
Modify sharenfs=on default behavior
0ebae16 
While it may sometimes be convenient to export an NFS filesystem with
no_root_squash it should not be the default behavior.  Align the
default behavior with the Linux NFS server defaults.  To restore
the previous behavior use 'zfs set sharenfs="no_root_squash,..."'.

Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Issue openzfs#9397
@behlendorf
Copy link
Contributor

@gkeen thank's for calling our attention to this. I've opened PR #9425 which modifies the default behavior to something a little more conventional.

@gkeen
Copy link
Author

gkeen commented Oct 8, 2019 via email

@behlendorf
Copy link
Contributor

@gkeen yes, please leave it open. We'll close it out once the proposed changed in reviewed and merged.

tonyhutter pushed a commit to tonyhutter/zfs that referenced this issue Dec 26, 2019
@behlendorf @tonyhutter
Modify sharenfs=on default behavior
c300afd 
While it may sometimes be convenient to export an NFS filesystem with
no_root_squash it should not be the default behavior.  Align the
default behavior with the Linux NFS server defaults.  To restore
the previous behavior use 'zfs set sharenfs="no_root_squash,..."'.

Reviewed-by: loli10K <ezomori.nozomu@gmail.com>
Reviewed-by: Richard Laager <rlaager@wiktel.com>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#9397
Closes openzfs#9425
tonyhutter pushed a commit to tonyhutter/zfs that referenced this issue Dec 27, 2019
@behlendorf @tonyhutter
Modify sharenfs=on default behavior
d2fb93b 
While it may sometimes be convenient to export an NFS filesystem with
no_root_squash it should not be the default behavior.  Align the
default behavior with the Linux NFS server defaults.  To restore
the previous behavior use 'zfs set sharenfs="no_root_squash,..."'.

Reviewed-by: loli10K <ezomori.nozomu@gmail.com>
Reviewed-by: Richard Laager <rlaager@wiktel.com>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes openzfs#9397
Closes openzfs#9425
tonyhutter pushed a commit that referenced this issue Jan 23, 2020
@behlendorf @tonyhutter
Modify sharenfs=on default behavior
e08b98e 
While it may sometimes be convenient to export an NFS filesystem with
no_root_squash it should not be the default behavior.  Align the
default behavior with the Linux NFS server defaults.  To restore
the previous behavior use 'zfs set sharenfs="no_root_squash,..."'.

Reviewed-by: loli10K <ezomori.nozomu@gmail.com>
Reviewed-by: Richard Laager <rlaager@wiktel.com>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #9397
Closes #9425
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Component: Share "zfs share" feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@behlendorf @gkeen