← Back to team overview

kernel-packages team mailing list archive

[Bug 1424727] Re: NFS access not revoked on kdestroy

 

Command didn't work remotely,  nothing relevant is in syslog/kern.og.

** Changed in: linux (Ubuntu)
       Status: Incomplete => Confirmed

** Description changed:

  1) Ubuntu 14.04
- 2) 3.13 kernel or mainline kernel 3.19.   
+ 2) 3.13 kernel or mainline kernel 3.19.
  krb5-user [1.12+dfsg-2ubuntu5.1]
- nfs-common [1:1.2.8-6ubuntu1] 
+ nfs-common [1:1.2.8-6ubuntu1]
  3) What should happen:
  Start as unpriviledged (in a kerberos sense) user with access to a kerberos protected NFS share (in this case it contains home directories)
  kinit user1
  ls ~user1 #Test user1 permissions, this should always succeed (and does)
  
  kdestroy #should destroy user1 permissions
  
  kinit user2
  ls ~user2# this should succeed!
  ls ~user1# this should fail!
  
  4) What happened instead:
  After kinit user2:
  ls ~user2# this FAILS
  ls ~user1# this still WORKS
  
  This appears to be known upstream:
  http://www.citi.umich.edu/projects/nfsv4/linux/faq/#krb5_006
  
  Bits and pieces of an earlier attempt at a fix:
  http://www.spinics.net/lists/linux-nfs/msg34236.html
- nfslogin/logout prototype http://www.citi.umich.edu/projects/asci/icsi-alpha/nfs-utils-patches/1.0.10-asci-2/nfs-utils-1.0.10-asci-017-add_nfslogin.dif 
+ nfslogin/logout prototype http://www.citi.umich.edu/projects/asci/icsi-alpha/nfs-utils-patches/1.0.10-asci-2/nfs-utils-1.0.10-asci-017-add_nfslogin.dif
  
  Another bug request: https://fedorahosted.org/gss-proxy/ticket/1  (and
  linked discussion)
+ 
+ Workarounds:
+ Unmount/Mount NFS share

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1424727

Title:
  NFS access not revoked on kdestroy

Status in linux package in Ubuntu:
  Confirmed

Bug description:
  1) Ubuntu 14.04
  2) 3.13 kernel or mainline kernel 3.19.
  krb5-user [1.12+dfsg-2ubuntu5.1]
  nfs-common [1:1.2.8-6ubuntu1]
  3) What should happen:
  Start as unpriviledged (in a kerberos sense) user with access to a kerberos protected NFS share (in this case it contains home directories)
  kinit user1
  ls ~user1 #Test user1 permissions, this should always succeed (and does)

  kdestroy #should destroy user1 permissions

  kinit user2
  ls ~user2# this should succeed!
  ls ~user1# this should fail!

  4) What happened instead:
  After kinit user2:
  ls ~user2# this FAILS
  ls ~user1# this still WORKS

  This appears to be known upstream:
  http://www.citi.umich.edu/projects/nfsv4/linux/faq/#krb5_006

  Bits and pieces of an earlier attempt at a fix:
  http://www.spinics.net/lists/linux-nfs/msg34236.html
  nfslogin/logout prototype http://www.citi.umich.edu/projects/asci/icsi-alpha/nfs-utils-patches/1.0.10-asci-2/nfs-utils-1.0.10-asci-017-add_nfslogin.dif

  Another bug request: https://fedorahosted.org/gss-proxy/ticket/1  (and
  linked discussion)

  Workarounds:
  Unmount/Mount NFS share

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1424727/+subscriptions


References