GNU bug report logs - #39670
Cannot mount NFS share as user or root

Previous Next

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 39670 in the body.
You can then email your comments to 39670 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Nathan Dehnel <ncdehnel <at> gmail.com>
Cc: bug-guix <at> gnu.org
Subject: Re: Cannot mount NFS share as user or root
Date: Tue, 18 Feb 2020 16:33:51 -0500

Hello Nathan,

Nathan Dehnel <ncdehnel <at> gmail.com> writes:

> bash-5.0$ mount /media/store
> mount: /media/store: bad option; for several filesystems (e.g. nfs,
> cifs) you might need a /sbin/mount.<type> helper program
>
> /etc/config.scm:
>
> (file-system
>              (mount-point "/media/store")
>              (device "gentooserver:/")
>              (type "nfs4")
>              (mount? #f)
>              (create-mount-point? #t)
>              (options "rw,_netdev,noauto,user,lazytime,exec,tcp"))
>
> /etc/fstab:
>
> gentooserver:/ /media/store nfs4 rw,_netdev,noauto,user,lazytime,exec,tcp
>
> nfs-utils is installed:
>
> bash-5.0$ guix package -i nfs-utils
> The following package will be upgraded:
>    nfs-utils 2.4.2 → 2.4.2
> /gnu/store/chmbpkh0gvvmdhgwjw7rpl63f99mv7i6-nfs-utils-2.4.2
>
> nothing to be done

I encountered this too.  Perhaps we should patch some references to
mount.nfs (from nfs-utils) in the util-linux package which provides
'mount'.

In the meantime, you should use "mount.nfs" directly.

I'm opening an issue to track progress on this.

Thank you,

Maxim

Message #8 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Nathan Dehnel <ncdehnel <at> gmail.com>
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: bug-guix <at> gnu.org
Subject: Re: Cannot mount NFS share as user or root
Date: Tue, 18 Feb 2020 15:43:29 -0600

bash-5.0$ mount.nfs gentooserver:/ /media/store
mount.nfs: permission denied: no match for /media/store found in /etc/fstab

bash-5.0$ cat /etc/fstab | grep /media/store
gentooserver:/ /media/store nfs4 rw,_netdev,noauto,user,lazytime,exec,tcp

?

On Tue, Feb 18, 2020 at 3:33 PM Maxim Cournoyer
<maxim.cournoyer <at> gmail.com> wrote:
>
> Hello Nathan,
>
> Nathan Dehnel <ncdehnel <at> gmail.com> writes:
>
> > bash-5.0$ mount /media/store
> > mount: /media/store: bad option; for several filesystems (e.g. nfs,
> > cifs) you might need a /sbin/mount.<type> helper program
> >
> > /etc/config.scm:
> >
> > (file-system
> >              (mount-point "/media/store")
> >              (device "gentooserver:/")
> >              (type "nfs4")
> >              (mount? #f)
> >              (create-mount-point? #t)
> >              (options "rw,_netdev,noauto,user,lazytime,exec,tcp"))
> >
> > /etc/fstab:
> >
> > gentooserver:/ /media/store nfs4 rw,_netdev,noauto,user,lazytime,exec,tcp
> >
> > nfs-utils is installed:
> >
> > bash-5.0$ guix package -i nfs-utils
> > The following package will be upgraded:
> >    nfs-utils 2.4.2 → 2.4.2
> > /gnu/store/chmbpkh0gvvmdhgwjw7rpl63f99mv7i6-nfs-utils-2.4.2
> >
> > nothing to be done
>
> I encountered this too.  Perhaps we should patch some references to
> mount.nfs (from nfs-utils) in the util-linux package which provides
> 'mount'.
>
> In the meantime, you should use "mount.nfs" directly.
>
> I'm opening an issue to track progress on this.
>
> Thank you,
>
> Maxim

Message #11 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: bug-guix <at> gnu.org,Nathan Dehnel <ncdehnel <at> gmail.com>
Cc: 39670 <at> debbugs.gnu.org
Subject: Re: bug#39670: Cannot mount NFS share as user or root
Date: Tue, 18 Feb 2020 22:43:33 +0000

Hello,

On February 18, 2020 9:43:29 PM UTC, Nathan Dehnel <ncdehnel <at> gmail.com> wrote:
>bash-5.0$ mount.nfs gentooserver:/ /media/store
>mount.nfs: permission denied: no match for /media/store found in
>/etc/fstab
>
>bash-5.0$ cat /etc/fstab | grep /media/store
>gentooserver:/ /media/store nfs4
>rw,_netdev,noauto,user,lazytime,exec,tcp
>
>?

Did you try as root?

Maxim

Message #17 received at 39670 <at> debbugs.gnu.org (full text, mbox):

From: maxim.cournoyer <at> gmail.com
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: Nathan Dehnel <ncdehnel <at> gmail.com>, 39670 <at> debbugs.gnu.org
Subject: Re: bug#39670: Cannot mount NFS share as user or root
Date: Thu, 20 Feb 2020 11:25:37 -0500

Hello,

Maxim Cournoyer <maxim.cournoyer <at> gmail.com> writes:
>
> I encountered this too.  Perhaps we should patch some references to
> mount.nfs (from nfs-utils) in the util-linux package which provides
> 'mount'.
>
> In the meantime, you should use "mount.nfs" directly.

I've looked into patching util-linux to reference explicitly the
mount.nfs helper, and I think this should do it:

--8<---------------cut here---------------start------------->8---
modified   libmount/src/context.c
@@ -1939,8 +1939,13 @@ int mnt_context_prepare_helper(struct libmnt_context *cxt, const char *name,
 		struct stat st;
 		int rc;
 
-		rc = snprintf(helper, sizeof(helper), "%s/%s.%s",
-						path, name, type);
+		if (startswith(type, "nfs")) {
+		  rc = snprintf(helper, sizeof(helper), "/gnu/store/c7kpr1jh5z3mrkz0yw9am86851y57cq7-nfs-utils-2.4.2/sbin/mount.nfs");
+		} else {
+		  rc = snprintf(helper, sizeof(helper), "%s/%s.%s",
+				path, name, type);
+		}
+
 		path = strtok_r(NULL, ":", &p);
 
 		if (rc < 0 || (size_t) rc >= sizeof(helper))

--8<---------------cut here---------------end--------------->8---

But, adding nfs-utils to util-linux creates a dependency cycle which is
bothersome to resolve (nfs-utils requires eudev through lvm2, as well as
util-linux itself).

I've also realised that when I was using 'sudo mount.nfs ...' it
wouldn't work because it'd look up the root user's PATH for the helper.
'sudo -E mount.nfs ...' should work.

We should document that the 'nfs-utils' package needs to be added to the
operating system declaration packages field when NFS file systems are
used.

Maxim

Message #22 received at 39670-done <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Nathan Dehnel <ncdehnel <at> gmail.com>
Cc: 39670-done <at> debbugs.gnu.org
Subject: Re: bug#39670: Cannot mount NFS share as user or root
Date: Wed, 27 May 2020 23:11:37 -0400

I thought documenting this, but we don't really have a section to cover
this, and it isn't really Guix specific...

So, closing.

Thank you.

Maxim

Message #33 received at 39670 <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Nathan Dehnel <ncdehnel <at> gmail.com>
Cc: 39670 <at> debbugs.gnu.org
Subject: Re: bug#39670: Cannot mount NFS share as user or root
Date: Thu, 24 Sep 2020 21:53:10 -0400

Hi,

Nathan Dehnel <ncdehnel <at> gmail.com> writes:

> Right, but it's more inconvenient than just clicking the share in thunar
> and it mounting. Actually, I can't mount it without doing "sudo" first,
> despite having the "user" fstab flag set. This actually might be a separate
> issue, but I'm not sure.

That's a good point.  We should try to make this simpler.  The mount.nfs
binary needs to be setuid root to allow unprivileged users to mount NFS
file systems.  Unfortunately, the mount command (which we already define
as setuid-root) only looked for helpers under /run/current/profile/sbin.
This is now fixed in commit def6e2ae4619587114383b3f8fd9f3cf8310b4b9
(which had to be made on core-updates).

> Why doesn't the regular "mount" command work, again? Some sort of
> dependency loop because of the functional package manager? And this is
> deemed "not guix-specific"?

For some file systems, 'mount' requires helper to be found in its PATH
(see: "man mount").  That is true on any systems (not Guix-specific).
These helpers are not installed out-of-the-box on Guix System, so you
need to add them yourself to the 'packages' operating system field.

If you also want to be able to use mount as an unprivileged user, the
mount command as well as its helpers must all be setuid-root.  Again,
this is something (for the helpers) that must currently done manually by
adding, for example:

--8<---------------cut here---------------start------------->8---
(setuid-programs (cons*
                   (file-append nfs-utils "/sbin/mount.nfs")
                   (file-append ntfs-3g "/sbin/mount.ntfs-3g")
                   %setuid-programs))
--8<---------------cut here---------------end--------------->8---

I've sent a patch for review which proposes to add these setuid-root binaries for
desktop users out-of-the-box on Guix System, which only adds about 4 MiB
to the almost 3 GiB closure of the lightweight-desktop.tmpl system [0].

As mentioned before, it depends on a change to util-linux that had to be
made on the core-updates branch, so it won't be usable until the next
core-updates merge.

Maxim

[0]  https://debbugs.gnu.org/cgi/bugreport.cgi?bug=43604

Message #38 received at 39670-done <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Nathan Dehnel <ncdehnel <at> gmail.com>
Cc: 39670-done <at> debbugs.gnu.org
Subject: Re: bug#39670: Cannot mount NFS share as user or root
Date: Thu, 01 Oct 2020 15:49:04 -0400

Hi!

> Nathan Dehnel <ncdehnel <at> gmail.com> writes:
>
>> Right, but it's more inconvenient than just clicking the share in thunar
>> and it mounting. Actually, I can't mount it without doing "sudo" first,
>> despite having the "user" fstab flag set. This actually might be a separate
>> issue, but I'm not sure.
>
> That's a good point.  We should try to make this simpler.  The mount.nfs
> binary needs to be setuid root to allow unprivileged users to mount NFS
> file systems.  Unfortunately, the mount command (which we already define
> as setuid-root) only looked for helpers under /run/current/profile/sbin.
> This is now fixed in commit def6e2ae4619587114383b3f8fd9f3cf8310b4b9
> (which had to be made on core-updates).
>

[...]

> I've sent a patch for review which proposes to add these setuid-root binaries for
> desktop users out-of-the-box on Guix System, which only adds about 4 MiB
> to the almost 3 GiB closure of the lightweight-desktop.tmpl system [0].
>
> As mentioned before, it depends on a change to util-linux that had to be
> made on the core-updates branch, so it won't be usable until the next
> core-updates merge.

This patch has now been merged with commit d40c9f6c85.

Closing!

Thank you,

Maxim

Message #41 received at 39670-done <at> debbugs.gnu.org (full text, mbox):

From: Nathan Dehnel <ncdehnel <at> gmail.com>
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: 39670-done <at> debbugs.gnu.org
Subject: Re: bug#39670: Cannot mount NFS share as user or root
Date: Fri, 2 Oct 2020 18:08:17 -0500

[Message part 1 (text/plain, inline)]

You should also setuid mount.nfs4 because the mount command calls that if
you are using NFSv4.

On Thu, Oct 1, 2020 at 2:47 PM Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
wrote:

> Hi!
>
> > Nathan Dehnel <ncdehnel <at> gmail.com> writes:
> >
> >> Right, but it's more inconvenient than just clicking the share in thunar
> >> and it mounting. Actually, I can't mount it without doing "sudo" first,
> >> despite having the "user" fstab flag set. This actually might be a
> separate
> >> issue, but I'm not sure.
> >
> > That's a good point.  We should try to make this simpler.  The mount.nfs
> > binary needs to be setuid root to allow unprivileged users to mount NFS
> > file systems.  Unfortunately, the mount command (which we already define
> > as setuid-root) only looked for helpers under /run/current/profile/sbin.
> > This is now fixed in commit def6e2ae4619587114383b3f8fd9f3cf8310b4b9
> > (which had to be made on core-updates).
> >
>
> [...]
>
> > I've sent a patch for review which proposes to add these setuid-root
> binaries for
> > desktop users out-of-the-box on Guix System, which only adds about 4 MiB
> > to the almost 3 GiB closure of the lightweight-desktop.tmpl system [0].
> >
> > As mentioned before, it depends on a change to util-linux that had to be
> > made on the core-updates branch, so it won't be usable until the next
> > core-updates merge.
>
> This patch has now been merged with commit d40c9f6c85.
>
> Closing!
>
> Thank you,
>
> Maxim
>

[Message part 2 (text/html, inline)]

Message #44 received at 39670 <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Nathan Dehnel <ncdehnel <at> gmail.com>
Cc: 39670 <at> debbugs.gnu.org
Subject: Re: bug#39670: Cannot mount NFS share as user or root
Date: Mon, 12 Oct 2020 23:22:36 -0400

Hello Nathan,

Nathan Dehnel <ncdehnel <at> gmail.com> writes:

> You should also setuid mount.nfs4 because the mount command calls that if
> you are using NFSv4.

[...]

I don't think that's necessary, if your program simply calls to the
'mount' command:

sudo strace -f -s200 mount localhost:/pub /tmp/pub

--8<---------------cut here---------------start------------->8---
[...]
[pid 19019] execve("/run/current-system/profile/sbin/mount.nfs", ["/run/current-system/profile/sbin/mount.nfs", "localhost:/pub", "/tmp/pub", "-o", "rw"], 0x7fff431b5038 /* 21 vars */) = 0
[...]
--8<---------------cut here---------------end--------------->8---

You see that mount ends up calling the mount.nfs binary, not mount.nfs4
(even though 'mount' reports this is using NFS v4.2).

If you have some software using mount.nfs4, that could be patched to
mount.nfs, as mount.nfs4 is just a symlink to mount.nfs.

Thanks,

Maxim

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.