Cannot mount NFS share as user or root

  • Done
  • quality assurance status badge
Details
2 participants
  • Maxim Cournoyer
  • Nathan Dehnel
Owner
unassigned
Submitted by
Maxim Cournoyer
Severity
normal
M
M
Maxim Cournoyer wrote on 18 Feb 2020 22:33
(name . Nathan Dehnel)(address . ncdehnel@gmail.com)(address . bug-guix@gnu.org)
87o8tvwpfk.fsf@gmail.com
Hello Nathan,

Nathan Dehnel <ncdehnel@gmail.com> writes:

Toggle quote (27 lines)
> bash-5.0$ mount /media/store
> mount: /media/store: bad option; for several filesystems (e.g. nfs,
> cifs) you might need a /sbin/mount.<type> helper program
>
> /etc/config.scm:
>
> (file-system
> (mount-point "/media/store")
> (device "gentooserver:/")
> (type "nfs4")
> (mount? #f)
> (create-mount-point? #t)
> (options "rw,_netdev,noauto,user,lazytime,exec,tcp"))
>
> /etc/fstab:
>
> gentooserver:/ /media/store nfs4 rw,_netdev,noauto,user,lazytime,exec,tcp
>
> nfs-utils is installed:
>
> bash-5.0$ guix package -i nfs-utils
> The following package will be upgraded:
> nfs-utils 2.4.2 → 2.4.2
> /gnu/store/chmbpkh0gvvmdhgwjw7rpl63f99mv7i6-nfs-utils-2.4.2
>
> nothing to be done

I encountered this too. Perhaps we should patch some references to
mount.nfs (from nfs-utils) in the util-linux package which provides
'mount'.

In the meantime, you should use "mount.nfs" directly.

I'm opening an issue to track progress on this.

Thank you,

Maxim
N
N
Nathan Dehnel wrote on 18 Feb 2020 22:43
(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . bug-guix@gnu.org)
CAEEhgEv5QE0=Kv1C1ftu3cEJAFksvv+1uM+p-T+MbNcUfmbY=g@mail.gmail.com
bash-5.0$ mount.nfs gentooserver:/ /media/store
mount.nfs: permission denied: no match for /media/store found in /etc/fstab

bash-5.0$ cat /etc/fstab | grep /media/store
gentooserver:/ /media/store nfs4 rw,_netdev,noauto,user,lazytime,exec,tcp

?

On Tue, Feb 18, 2020 at 3:33 PM Maxim Cournoyer
<maxim.cournoyer@gmail.com> wrote:
Toggle quote (43 lines)
>
> Hello Nathan,
>
> Nathan Dehnel <ncdehnel@gmail.com> writes:
>
> > bash-5.0$ mount /media/store
> > mount: /media/store: bad option; for several filesystems (e.g. nfs,
> > cifs) you might need a /sbin/mount.<type> helper program
> >
> > /etc/config.scm:
> >
> > (file-system
> > (mount-point "/media/store")
> > (device "gentooserver:/")
> > (type "nfs4")
> > (mount? #f)
> > (create-mount-point? #t)
> > (options "rw,_netdev,noauto,user,lazytime,exec,tcp"))
> >
> > /etc/fstab:
> >
> > gentooserver:/ /media/store nfs4 rw,_netdev,noauto,user,lazytime,exec,tcp
> >
> > nfs-utils is installed:
> >
> > bash-5.0$ guix package -i nfs-utils
> > The following package will be upgraded:
> > nfs-utils 2.4.2 → 2.4.2
> > /gnu/store/chmbpkh0gvvmdhgwjw7rpl63f99mv7i6-nfs-utils-2.4.2
> >
> > nothing to be done
>
> I encountered this too. Perhaps we should patch some references to
> mount.nfs (from nfs-utils) in the util-linux package which provides
> 'mount'.
>
> In the meantime, you should use "mount.nfs" directly.
>
> I'm opening an issue to track progress on this.
>
> Thank you,
>
> Maxim
M
M
Maxim Cournoyer wrote on 18 Feb 2020 23:43
Re: bug#39670: Cannot mount NFS share as user or root
(address . 39670@debbugs.gnu.org)
72552AC1-DDAE-4A72-A6CE-E91B6BBE5456@gmail.com
Hello,

On February 18, 2020 9:43:29 PM UTC, Nathan Dehnel <ncdehnel@gmail.com> wrote:
Toggle quote (10 lines)
>bash-5.0$ mount.nfs gentooserver:/ /media/store
>mount.nfs: permission denied: no match for /media/store found in
>/etc/fstab
>
>bash-5.0$ cat /etc/fstab | grep /media/store
>gentooserver:/ /media/store nfs4
>rw,_netdev,noauto,user,lazytime,exec,tcp
>
>?

Did you try as root?

Maxim
M
M
maxim.cournoyer wrote on 20 Feb 2020 17:25
(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)
87v9o18bum.fsf@raisin.i-did-not-set--mail-host-address--so-tickle-me
Hello,

Maxim Cournoyer <maxim.cournoyer@gmail.com> writes:
Toggle quote (7 lines)
>
> I encountered this too. Perhaps we should patch some references to
> mount.nfs (from nfs-utils) in the util-linux package which provides
> 'mount'.
>
> In the meantime, you should use "mount.nfs" directly.

I've looked into patching util-linux to reference explicitly the
mount.nfs helper, and I think this should do it:

Toggle snippet (20 lines)
modified libmount/src/context.c
@@ -1939,8 +1939,13 @@ int mnt_context_prepare_helper(struct libmnt_context *cxt, const char *name,
struct stat st;
int rc;
- rc = snprintf(helper, sizeof(helper), "%s/%s.%s",
- path, name, type);
+ if (startswith(type, "nfs")) {
+ rc = snprintf(helper, sizeof(helper), "/gnu/store/c7kpr1jh5z3mrkz0yw9am86851y57cq7-nfs-utils-2.4.2/sbin/mount.nfs");
+ } else {
+ rc = snprintf(helper, sizeof(helper), "%s/%s.%s",
+ path, name, type);
+ }
+
path = strtok_r(NULL, ":", &p);
if (rc < 0 || (size_t) rc >= sizeof(helper))


But, adding nfs-utils to util-linux creates a dependency cycle which is
bothersome to resolve (nfs-utils requires eudev through lvm2, as well as
util-linux itself).

I've also realised that when I was using 'sudo mount.nfs ...' it
wouldn't work because it'd look up the root user's PATH for the helper.
'sudo -E mount.nfs ...' should work.

We should document that the 'nfs-utils' package needs to be added to the
operating system declaration packages field when NFS file systems are
used.

Maxim
M
M
Maxim Cournoyer wrote on 28 May 2020 05:11
(name . Nathan Dehnel)(address . ncdehnel@gmail.com)(address . 39670-done@debbugs.gnu.org)
875zcg7nyu.fsf@gmail.com
I thought documenting this, but we don't really have a section to cover
this, and it isn't really Guix specific...

So, closing.

Thank you.

Maxim
Closed
M
M
Maxim Cournoyer wrote on 24 Sep 2020 22:44
control message for bug #39670
(address . control@debbugs.gnu.org)
87blhuvrai.fsf@gmail.com
unarchive 39670
quit
M
M
Maxim Cournoyer wrote on 25 Sep 2020 03:53
Re: bug#39670: Cannot mount NFS share as user or root
(name . Nathan Dehnel)(address . ncdehnel@gmail.com)(address . 39670@debbugs.gnu.org)
878scyvczd.fsf@gmail.com
Hi,

Nathan Dehnel <ncdehnel@gmail.com> writes:

Toggle quote (5 lines)
> Right, but it's more inconvenient than just clicking the share in thunar
> and it mounting. Actually, I can't mount it without doing "sudo" first,
> despite having the "user" fstab flag set. This actually might be a separate
> issue, but I'm not sure.

That's a good point. We should try to make this simpler. The mount.nfs
binary needs to be setuid root to allow unprivileged users to mount NFS
file systems. Unfortunately, the mount command (which we already define
as setuid-root) only looked for helpers under /run/current/profile/sbin.
This is now fixed in commit def6e2ae4619587114383b3f8fd9f3cf8310b4b9
(which had to be made on core-updates).

Toggle quote (4 lines)
> Why doesn't the regular "mount" command work, again? Some sort of
> dependency loop because of the functional package manager? And this is
> deemed "not guix-specific"?

For some file systems, 'mount' requires helper to be found in its PATH
(see: "man mount"). That is true on any systems (not Guix-specific).
These helpers are not installed out-of-the-box on Guix System, so you
need to add them yourself to the 'packages' operating system field.

If you also want to be able to use mount as an unprivileged user, the
mount command as well as its helpers must all be setuid-root. Again,
this is something (for the helpers) that must currently done manually by
adding, for example:

Toggle snippet (6 lines)
(setuid-programs (cons*
(file-append nfs-utils "/sbin/mount.nfs")
(file-append ntfs-3g "/sbin/mount.ntfs-3g")
%setuid-programs))

I've sent a patch for review which proposes to add these setuid-root binaries for
desktop users out-of-the-box on Guix System, which only adds about 4 MiB
to the almost 3 GiB closure of the lightweight-desktop.tmpl system [0].

As mentioned before, it depends on a change to util-linux that had to be
made on the core-updates branch, so it won't be usable until the next
core-updates merge.

Maxim

M
M
Maxim Cournoyer wrote on 1 Oct 2020 21:49
(name . Nathan Dehnel)(address . ncdehnel@gmail.com)(address . 39670-done@debbugs.gnu.org)
87ft6xohfz.fsf@gmail.com
Hi!

Toggle quote (15 lines)
> Nathan Dehnel <ncdehnel@gmail.com> writes:
>
>> Right, but it's more inconvenient than just clicking the share in thunar
>> and it mounting. Actually, I can't mount it without doing "sudo" first,
>> despite having the "user" fstab flag set. This actually might be a separate
>> issue, but I'm not sure.
>
> That's a good point. We should try to make this simpler. The mount.nfs
> binary needs to be setuid root to allow unprivileged users to mount NFS
> file systems. Unfortunately, the mount command (which we already define
> as setuid-root) only looked for helpers under /run/current/profile/sbin.
> This is now fixed in commit def6e2ae4619587114383b3f8fd9f3cf8310b4b9
> (which had to be made on core-updates).
>

[...]

Toggle quote (8 lines)
> I've sent a patch for review which proposes to add these setuid-root binaries for
> desktop users out-of-the-box on Guix System, which only adds about 4 MiB
> to the almost 3 GiB closure of the lightweight-desktop.tmpl system [0].
>
> As mentioned before, it depends on a change to util-linux that had to be
> made on the core-updates branch, so it won't be usable until the next
> core-updates merge.

This patch has now been merged with commit d40c9f6c85.

Closing!

Thank you,

Maxim
Closed
N
N
Nathan Dehnel wrote on 3 Oct 2020 01:08
(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . 39670-done@debbugs.gnu.org)
CAEEhgEux7QF4UAh+Jb7UQfWHOzrs72Jt4rEgiTDrqvULvZTrdw@mail.gmail.com
You should also setuid mount.nfs4 because the mount command calls that if
you are using NFSv4.

On Thu, Oct 1, 2020 at 2:47 PM Maxim Cournoyer <maxim.cournoyer@gmail.com>
wrote:

Toggle quote (37 lines)
> Hi!
>
> > Nathan Dehnel <ncdehnel@gmail.com> writes:
> >
> >> Right, but it's more inconvenient than just clicking the share in thunar
> >> and it mounting. Actually, I can't mount it without doing "sudo" first,
> >> despite having the "user" fstab flag set. This actually might be a
> separate
> >> issue, but I'm not sure.
> >
> > That's a good point. We should try to make this simpler. The mount.nfs
> > binary needs to be setuid root to allow unprivileged users to mount NFS
> > file systems. Unfortunately, the mount command (which we already define
> > as setuid-root) only looked for helpers under /run/current/profile/sbin.
> > This is now fixed in commit def6e2ae4619587114383b3f8fd9f3cf8310b4b9
> > (which had to be made on core-updates).
> >
>
> [...]
>
> > I've sent a patch for review which proposes to add these setuid-root
> binaries for
> > desktop users out-of-the-box on Guix System, which only adds about 4 MiB
> > to the almost 3 GiB closure of the lightweight-desktop.tmpl system [0].
> >
> > As mentioned before, it depends on a change to util-linux that had to be
> > made on the core-updates branch, so it won't be usable until the next
> > core-updates merge.
>
> This patch has now been merged with commit d40c9f6c85.
>
> Closing!
>
> Thank you,
>
> Maxim
>
Attachment: file
Closed
M
M
Maxim Cournoyer wrote on 13 Oct 2020 05:22
(name . Nathan Dehnel)(address . ncdehnel@gmail.com)(address . 39670@debbugs.gnu.org)
87362i95dv.fsf@gmail.com
Hello Nathan,

Nathan Dehnel <ncdehnel@gmail.com> writes:

Toggle quote (3 lines)
> You should also setuid mount.nfs4 because the mount command calls that if
> you are using NFSv4.

[...]

I don't think that's necessary, if your program simply calls to the
'mount' command:

sudo strace -f -s200 mount localhost:/pub /tmp/pub

Toggle snippet (5 lines)
[...]
[pid 19019] execve("/run/current-system/profile/sbin/mount.nfs", ["/run/current-system/profile/sbin/mount.nfs", "localhost:/pub", "/tmp/pub", "-o", "rw"], 0x7fff431b5038 /* 21 vars */) = 0
[...]

You see that mount ends up calling the mount.nfs binary, not mount.nfs4
(even though 'mount' reports this is using NFS v4.2).

If you have some software using mount.nfs4, that could be patched to
mount.nfs, as mount.nfs4 is just a symlink to mount.nfs.

Thanks,

Maxim
?
Your comment

This issue is archived.

To comment on this conversation send an email to 39670@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 39670
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch