| View previous topic :: View next topic |
| Author |
Message |
olli.bo
Apprentice
Joined: 16 Jul 2003
Posts: 208
Location: Germany
|
 Posted: Thu Mar 11, 2010 1:33 pm Post subject: SUID programs over NFSv4 share not working |
 |
|
Hi,
I have a NFSv4-Share with some SUID-Programs on it.
If I mount that share on the Client machine I can't run the SUID-Programms (Permission denied).
A ls -l shows corret UID/GID and SUID-Bit. My idmapd is running.
I tried the mount-Option suid without luck. The I tried to set suid as an option to /etc/exports onthe Server but this Option seems unknown to the nfsd.
Is that a Bug in NFS4?
The same share mounted with NFSv3 works perfect with SUID.
My kernel is 2.6.31-gentoo-r6 and I have the following nfs-utils installed:
| Code: | | net-fs/nfs-utils-1.1.4-r1 |
On both systems the same environment.
Does anyone have an idea?
thx
olli |
|
| Back to top |
|
 |
depontius
Advocate
Joined: 05 May 2004
Posts: 3526
|
| Posted: Thu Mar 11, 2010 1:57 pm Post subject: |
|
|
I believe that by default, nfs mounts things with root-squash - meaning that root on the client box has no special authority on nfs mounted filesystems. In practice this often/usually means that root can't even read something out of an nfs mount if it isn't universal-read, or if you haven't done something funky with id mapping.
I would begin by debugging client-box-root's ability to read data, then execute code off of an nfs mount before worrying about setuid.
_________________
.sigs waste space and bandwidth |
|
| Back to top |
|
|
dblaci
n00b
Joined: 05 Oct 2004
Posts: 30
|
| Posted: Sun Jun 03, 2012 12:30 pm Post subject: |
|
|
I ran into this problem myself:
I have a machine booting from network, with nfs root. If the root is monuted with nfsvers=3 suid works. If mounted with nfsvers=4, suid fails!
UID s are fine, everything's working, ls -l shows
-rws--x--x 1 root root 1941608 .......... /usr/bin/Xorg
on nfs3 the user can start X, on nfs4 it can't. The root can of course. I cannot find any documentation on this, man mount, man nfs, bugs.gentoo.org, and I found this thread with google 
sys-kernel/gentoo-sources-3.4.0
net-fs/nfs-utils-1.2.3-r1 (tested with 1.2.6 too)
amd64 system, except the gentoo-sources. (it is ~amd64)
mounting the share on localhost works. I don't know where to find... The system is booted with dracut. It can be the problem of dracut, nfs, some config file, nfs server maybe... I don't know :\ |
|
| Back to top |
|
|
olli.bo
Apprentice
Joined: 16 Jul 2003
Posts: 208
Location: Germany
|
| Posted: Sun Jun 03, 2012 8:38 pm Post subject: |
|
|
Yes, seems to be my problem. ;-)
Until now I didnt find a solution for this issue. It seems no one can help or NFS4 is not built for running a machine over the network... :-/
Please post if you find a solution... |
|
| Back to top |
|
|
dblaci
n00b
Joined: 05 Oct 2004
Posts: 30
|
| Posted: Mon Jun 04, 2012 6:00 pm Post subject: |
|
|
| olli.bo wrote: | Yes, seems to be my problem. 
Until now I didnt find a solution for this issue. It seems no one can help or NFS4 is not built for running a machine over the network... :-/
Please post if you find a solution... |
LOL... Your original post is old. I see tutorials, and topics about nfs4 root, and I don't think they don't use suid executables. I think we misconfigured something... NFS3 works anyway... I will tell you if I find out. In fact I don't have anything that needs nfs4 (or at least I don't know... maybe it would be faster because of some new features, cache etc...)  |
|
| Back to top |
|
|
|
Networking & Security
