kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #105219
[Bug 1424727] [NEW] NFS access not revoked on kdestroy
Public bug reported:
1) Ubuntu 14.04
2) 3.13 kernel or mainline kernel 3.19.
krb5-user [1.12+dfsg-2ubuntu5.1]
nfs-common [1:1.2.8-6ubuntu1]
3) What should happen:
Start as unpriviledged (in a kerberos sense) user with access to a kerberos protected NFS share (in this case it contains home directories)
kinit user1
ls ~user1 #Test user1 permissions, this should always succeed (and does)
kdestroy #should destroy user1 permissions
kinit user2
ls ~user2# this should succeed!
ls ~user1# this should fail!
4) What happened instead:
After kinit user2:
ls ~user2# this FAILS
ls ~user1# this still WORKS
This appears to be known upstream:
http://www.citi.umich.edu/projects/nfsv4/linux/faq/#krb5_006
Bits and pieces of an earlier attempt at a fix:
http://www.spinics.net/lists/linux-nfs/msg34236.html
nfslogin/logout prototype http://www.citi.umich.edu/projects/asci/icsi-alpha/nfs-utils-patches/1.0.10-asci-2/nfs-utils-1.0.10-asci-017-add_nfslogin.dif
Another bug request: https://fedorahosted.org/gss-proxy/ticket/1 (and
linked discussion)
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Tags: kernel-bug-exists-upstream
** Tags added: kernel-bug-exists-upstream
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1424727
Title:
NFS access not revoked on kdestroy
Status in linux package in Ubuntu:
New
Bug description:
1) Ubuntu 14.04
2) 3.13 kernel or mainline kernel 3.19.
krb5-user [1.12+dfsg-2ubuntu5.1]
nfs-common [1:1.2.8-6ubuntu1]
3) What should happen:
Start as unpriviledged (in a kerberos sense) user with access to a kerberos protected NFS share (in this case it contains home directories)
kinit user1
ls ~user1 #Test user1 permissions, this should always succeed (and does)
kdestroy #should destroy user1 permissions
kinit user2
ls ~user2# this should succeed!
ls ~user1# this should fail!
4) What happened instead:
After kinit user2:
ls ~user2# this FAILS
ls ~user1# this still WORKS
This appears to be known upstream:
http://www.citi.umich.edu/projects/nfsv4/linux/faq/#krb5_006
Bits and pieces of an earlier attempt at a fix:
http://www.spinics.net/lists/linux-nfs/msg34236.html
nfslogin/logout prototype http://www.citi.umich.edu/projects/asci/icsi-alpha/nfs-utils-patches/1.0.10-asci-2/nfs-utils-1.0.10-asci-017-add_nfslogin.dif
Another bug request: https://fedorahosted.org/gss-proxy/ticket/1 (and
linked discussion)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1424727/+subscriptions
Follow ups
References