From nobody@FreeBSD.org  Tue Jun  5 15:35:41 2001
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id C615137B403
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  5 Jun 2001 15:35:40 -0700 (PDT)
	(envelope-from nobody@FreeBSD.org)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.3/8.11.3) id f55MZel67387;
	Tue, 5 Jun 2001 15:35:40 -0700 (PDT)
	(envelope-from nobody)
Message-Id: <200106052235.f55MZel67387@freefall.freebsd.org>
Date: Tue, 5 Jun 2001 15:35:40 -0700 (PDT)
From: sbotsford@yottayotta.com
To: freebsd-gnats-submit@FreeBSD.org
Subject: Error in /etc/exports invalidates entire line, not just single host.
X-Send-Pr-Version: www-1.0

>Number:         27896
>Category:       conf
>Synopsis:       Error in /etc/exports invalidates entire line, not just single host.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          analyzed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jun 05 15:40:01 PDT 2001
>Closed-Date:    
>Last-Modified:  Wed Apr 25 22:10:06 GMT 2007
>Originator:     Sherwood Botsford
>Release:        4.2
>Organization:
Yotta Yotta Inc
>Environment:
FreeBSD rhea.edmonton.yottayotta.com 4.2-RELEASE FreeBSD 4.2-RELEASE #0: Mon Mar  5 11:09:22 MST 2001     root@rhea.edmonton.yottayotta.com:/usr/src/sys/compile/RHEA-EXP1  i386

>Description:
if a host is defined as part of a netgroup, and is mentioned explicitly
for another line for the same file system, but with different privledges,
then the entire line is invalidated.
>How-To-Repeat:
Consider:
lindesk is the netgroup containing  dumpling, croisant, and biscuit.
linserve is the netgroup containing smaug, balrog, and gollum
explorer is a linux desktop box used for administration.

Rhea has the following exports file:
/nfs/home	-maproot=nobody lindesk 
/nfs/home	-maproot=root explorer linserve

This works.
Now add explorer to the lindesk group.
Foof! linserve can no longer mount /nfs/home.  This is counter intuitive.
especially, as writting the above line as two lines would
localize the problem to explorer.
>Fix:
Workaround
1.  Write lines with a single entry per client entity (host or netgroup)

Wishes:
0.  If a host causes a problem in a line, then it should affect that
host not the whole line:  E.g:

/nfs/home/	-maproot=root 	foo bar

should be equivalent in behaviour to 

/nfs/home/	-maproot=root	foo
/nfs/home/	-maproot=root	bar

1.  Flag for mountd to test the validity of exports file.
E.g. mountd -v /nfs/home foo.bar.com
	Mount suceeds with privleges root=nobody -- line 27
     mound -v /nfs/home explorer.bar.com
	Mount fails -- host is twice referenced line 26 and 40.

2.  Have a mountd flag so that if a host is doubly referenced, it
gets the more restrictive set of privleges, OR it gets the first set
of privleges. (along with a log message.) OR if a host is mentioned 
explicity and is in a netgroup, then then explicit reference takes
priority.


>Release-Note:
>Audit-Trail:

From: Harrison Grundy <astrodog@gmail.com>
To: bug-followup@FreeBSD.org,  sbotsford@yottayotta.com
Cc:  
Subject: Re: conf/27896: Error in /etc/exports invalidates entire line, not
 just single host.
Date: Wed, 21 Mar 2007 23:18:51 -0500

 Because given export lines can be mutually exclusive, there is no way to 
 rationally handle this behavior. Throwing an error on the NFS server 
 seems like the only real way to handle this.
State-Changed-From-To: open->analyzed 
State-Changed-By: linimon 
State-Changed-When: Wed Apr 25 22:09:15 UTC 2007 
State-Changed-Why:  
email feedback indicates that there should probably be an error recovery 
for this. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=27896 
>Unformatted:
