Gentoo Forums
SUID programs over NFSv4 share not working
olli.bo
Apprentice
Joined: 16 Jul 2003
Posts: 208
Location: Germany

Posted: Thu Mar 11, 2010 1:33 pm    Post subject: SUID programs over NFSv4 share not working

Hi,

I have an NFSv4 share with some SUID programs on it.
If I mount that share on the client machine I can't run the SUID programs (Permission denied).
An ls -l shows the correct UID/GID and SUID bit. My idmapd is running.
I tried the mount option suid without luck. Then I tried to set suid as an option in /etc/exports on the server, but this option seems unknown to the nfsd.
Is that a bug in NFS4?
The same share mounted with NFSv3 works perfectly with SUID.
My kernel is 2.6.31-gentoo-r6 and I have the following nfs-utils installed:
Code:
net-fs/nfs-utils-1.1.4-r1

On both systems the same environment.
Does anyone have an idea?

thx
olli
depontius
Advocate
Joined: 05 May 2004
Posts: 3450

Posted: Thu Mar 11, 2010 1:57 pm

I believe that by default, nfs mounts things with root-squash - meaning that root on the client box has no special authority on nfs mounted filesystems. In practice this often/usually means that root can't even read something out of an nfs mount if it isn't universal-read, or if you haven't done something funky with id mapping.

I would begin by debugging client-box-root's ability to read data, then execute code off of an nfs mount before worrying about setuid.
_________________
.sigs waste space and bandwidth
dblaci
n00b
Joined: 05 Oct 2004
Posts: 29

Posted: Sun Jun 03, 2012 12:30 pm

I ran into this problem myself:

I have a machine booting from the network, with an NFS root. If the root is mounted with nfsvers=3, suid works. If mounted with nfsvers=4, suid fails!

UIDs are fine, everything's working, ls -l shows

-rws--x--x 1 root root 1941608 .......... /usr/bin/Xorg

on nfs3 the user can start X, on nfs4 it can't. The root can of course. I cannot find any documentation on this, man mount, man nfs, bugs.gentoo.org, and I found this thread with google :D

sys-kernel/gentoo-sources-3.4.0
net-fs/nfs-utils-1.2.3-r1 (tested with 1.2.6 too)
amd64 system, except the gentoo-sources. (it is ~amd64)

mounting the share on localhost works. I don't know where to find... The system is booted with dracut. It can be the problem of dracut, nfs, some config file, nfs server maybe... I don't know :\
olli.bo
Apprentice
Joined: 16 Jul 2003
Posts: 208
Location: Germany

Posted: Sun Jun 03, 2012 8:38 pm

Yes, seems to be my problem. ;-)
Until now I didn't find a solution for this issue. It seems no one can help or NFS4 is not built for running a machine over the network... :-/
Please post if you find a solution...
dblaci
n00b
Joined: 05 Oct 2004
Posts: 29

Posted: Mon Jun 04, 2012 6:00 pm

olli.bo wrote:
Yes, seems to be my problem. ;-)
Until now I didn't find a solution for this issue. It seems no one can help or NFS4 is not built for running a machine over the network... :-/
Please post if you find a solution...


LOL... Your original post is old. I see tutorials, and topics about nfs4 root, and I don't think they don't use suid executables. I think we misconfigured something... NFS3 works anyway... :D I will tell you if I find out. In fact I don't have anything that needs nfs4 (or at least I don't know... maybe it would be faster because of some new features, cache etc...) :)
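
A diagnostic that fits the symptoms described in this thread, as an added example that is not from any poster: it reads a /proc/mounts-style table and reports, for the mount that actually holds a given path, the filesystem type, the NFS version, and whether nosuid or noexec is in effect. The sample table, its host name and paths, and the function name mount_info are constructed for illustration; mount points containing spaces (escaped as \040 in /proc/mounts) are not handled.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data below is constructed.

# Constructed table in /proc/mounts format: device, mount point, fstype, options.
SAMPLE_MOUNTS='rootfs / rootfs rw 0 0
server:/export/root / nfs4 rw,relatime,vers=4,proto=tcp 0 0
server:/export/apps /opt/apps nfs rw,nosuid,relatime,vers=3,proto=tcp 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0'

# mount_info TABLE PATH
# Prints the effective mount for PATH: longest mount-point prefix wins, and
# among equal mount points the last line wins (a later mount shadows an earlier one).
mount_info() {
    printf '%s\n' "$1" | awk -v p="$2" '
        {
            mp = $2
            # Match "/" always, an exact hit, or a true directory prefix
            # (so /tmp does not match /tmpfoo).
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) >= best) { best = length(mp); point = mp; fs = $3; opts = $4 }
            }
        }
        END {
            nosuid = "no"; noexec = "no"; vers = "?"
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) {
                if (o[i] == "nosuid") nosuid = "yes"
                if (o[i] == "noexec") noexec = "yes"
                if (o[i] ~ /^(vers|nfsvers)=/) { sub(/^[a-z]+=/, "", o[i]); vers = o[i] }
            }
            printf "mount=%s fstype=%s vers=%s nosuid=%s noexec=%s\n", point, fs, vers, nosuid, noexec
        }'
}

# With a path argument, inspect the live system: the mount that holds the file
# and whether the file itself carries the setuid bit (test -u).
if [ "$#" -gt 0 ]; then
    mount_info "$(cat /proc/mounts)" "$1"
    if [ -u "$1" ]; then echo "setuid bit: set"; else echo "setuid bit: not set"; fi
fi
```

Running it on the client against the same binary under nfsvers=3 and under nfsvers=4 gives two lines that can be compared directly.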