Bug 76431 - Unexpected behavior of nfsv4 and no_root_squash
Summary: Unexpected behavior of nfsv4 and no_root_squash
Alias: None
Product: File System
Classification: Unclassified
Component: NFS (show other bugs)
Hardware: All Linux
: P1 normal
Assignee: Trond Myklebust
Depends on:
Reported: 2014-05-18 18:11 UTC by Tobias Leupold
Modified: 2014-05-18 18:28 UTC (History)
0 users

See Also:
Kernel Version: 3.12.13
Tree: Mainline
Regression: No


Description Tobias Leupold 2014-05-18 18:11:23 UTC
I'm not perfectly sure if this is a bug or a feature. If it's a feature: sorry for the noise.

I found some behavior of nfsv4 using no_root_quash: it only works with exported directories exported as bind mounts, but not for "real" directories.

E. g., I use the following exports:

    # cat /etc/exports 

after mounting them ...

    # mkdir /mnt/1 /mnt/2 
    # mount.nfs4 skoni:/1 /mnt/1 -o rw,vers=4,_netdev 
    # mount.nfs4 skoni:/2 /mnt/2 -o rw,vers=4,_netdev

... they look identical ...

# mount | grep mnt 
    skoni:/1 on /mnt/1 type nfs4 (rw,vers=4,addr=,clientaddr=,_netdev) 
    skoni:/2 on /mnt/2 type nfs4 (rw,vers=4,addr=,clientaddr=,_netdev)

... but I have only root write access to the first one:

    # touch /mnt/1/foo 
    # touch /mnt/2/foo 
    touch: cannot touch '/mnt/2/foo': Permission denied

The only difference is that mount 1 is a bind mount and mount 2 is a normal directory:

    # mount | grep /srv 
    /var/tmp/1 on /srv/nfs/1 type none (rw,bind)

Is this intended behavior or is this a bug?
Comment 1 Trond Myklebust 2014-05-18 18:22:37 UTC
If /srv/nfs/1 is just subdirectory of /srv/nfs, then this is 100% expected and documented behaviour.
Please see the section on 'no_subtree_check' in the 'exports' manpage.
Comment 2 Trond Myklebust 2014-05-18 18:23:32 UTC
Sorry. I mean 'if /srv/nfs/2 is just a subdirectory'...
Comment 3 Tobias Leupold 2014-05-18 18:28:52 UTC
Okay, then I simply didn't understand the docs correctly and this is not a bug. As said, sorry for the noise ;-)

Note You need to log in before you can comment on or make changes to this bug.