all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* Cannot mount NFS share as user or root
@ 2020-02-18  1:08 Nathan Dehnel
  2020-02-18 21:33 ` bug#39670: " Maxim Cournoyer
  0 siblings, 1 reply; 10+ messages in thread
From: Nathan Dehnel @ 2020-02-18  1:08 UTC (permalink / raw)
  To: help-guix

bash-5.0$ mount /media/store
mount: /media/store: bad option; for several filesystems (e.g. nfs,
cifs) you might need a /sbin/mount.<type> helper program

/etc/config.scm:

(file-system
             (mount-point "/media/store")
             (device "gentooserver:/")
             (type "nfs4")
             (mount? #f)
             (create-mount-point? #t)
             (options "rw,_netdev,noauto,user,lazytime,exec,tcp"))

/etc/fstab:

gentooserver:/ /media/store nfs4 rw,_netdev,noauto,user,lazytime,exec,tcp

nfs-utils is installed:

bash-5.0$ guix package -i nfs-utils
The following package will be upgraded:
   nfs-utils 2.4.2 → 2.4.2
/gnu/store/chmbpkh0gvvmdhgwjw7rpl63f99mv7i6-nfs-utils-2.4.2

nothing to be done

^ permalink raw reply	[flat|nested] 10+ messages in thread

* bug#39670: Cannot mount NFS share as user or root
  2020-02-18  1:08 Cannot mount NFS share as user or root Nathan Dehnel
@ 2020-02-18 21:33 ` Maxim Cournoyer
  2020-02-18 21:43   ` Nathan Dehnel
  2020-02-20 16:25   ` maxim.cournoyer
  0 siblings, 2 replies; 10+ messages in thread
From: Maxim Cournoyer @ 2020-02-18 21:33 UTC (permalink / raw)
  To: Nathan Dehnel; +Cc: 39670

Hello Nathan,

Nathan Dehnel <ncdehnel@gmail.com> writes:

> bash-5.0$ mount /media/store
> mount: /media/store: bad option; for several filesystems (e.g. nfs,
> cifs) you might need a /sbin/mount.<type> helper program
>
> /etc/config.scm:
>
> (file-system
>              (mount-point "/media/store")
>              (device "gentooserver:/")
>              (type "nfs4")
>              (mount? #f)
>              (create-mount-point? #t)
>              (options "rw,_netdev,noauto,user,lazytime,exec,tcp"))
>
> /etc/fstab:
>
> gentooserver:/ /media/store nfs4 rw,_netdev,noauto,user,lazytime,exec,tcp
>
> nfs-utils is installed:
>
> bash-5.0$ guix package -i nfs-utils
> The following package will be upgraded:
>    nfs-utils 2.4.2 → 2.4.2
> /gnu/store/chmbpkh0gvvmdhgwjw7rpl63f99mv7i6-nfs-utils-2.4.2
>
> nothing to be done

I encountered this too.  Perhaps we should patch some references to
mount.nfs (from nfs-utils) in the util-linux package which provides
'mount'.

In the meantime, you should use "mount.nfs" directly.

I'm opening an issue to track progress on this.

Thank you,

Maxim

^ permalink raw reply	[flat|nested] 10+ messages in thread

* bug#39670: Cannot mount NFS share as user or root
  2020-02-18 21:33 ` bug#39670: " Maxim Cournoyer
@ 2020-02-18 21:43   ` Nathan Dehnel
  2020-02-18 22:43     ` Maxim Cournoyer
  2020-02-20 16:25   ` maxim.cournoyer
  1 sibling, 1 reply; 10+ messages in thread
From: Nathan Dehnel @ 2020-02-18 21:43 UTC (permalink / raw)
  To: Maxim Cournoyer; +Cc: 39670

bash-5.0$ mount.nfs gentooserver:/ /media/store
mount.nfs: permission denied: no match for /media/store found in /etc/fstab

bash-5.0$ cat /etc/fstab | grep /media/store
gentooserver:/ /media/store nfs4 rw,_netdev,noauto,user,lazytime,exec,tcp

?

On Tue, Feb 18, 2020 at 3:33 PM Maxim Cournoyer
<maxim.cournoyer@gmail.com> wrote:
>
> Hello Nathan,
>
> Nathan Dehnel <ncdehnel@gmail.com> writes:
>
> > bash-5.0$ mount /media/store
> > mount: /media/store: bad option; for several filesystems (e.g. nfs,
> > cifs) you might need a /sbin/mount.<type> helper program
> >
> > /etc/config.scm:
> >
> > (file-system
> >              (mount-point "/media/store")
> >              (device "gentooserver:/")
> >              (type "nfs4")
> >              (mount? #f)
> >              (create-mount-point? #t)
> >              (options "rw,_netdev,noauto,user,lazytime,exec,tcp"))
> >
> > /etc/fstab:
> >
> > gentooserver:/ /media/store nfs4 rw,_netdev,noauto,user,lazytime,exec,tcp
> >
> > nfs-utils is installed:
> >
> > bash-5.0$ guix package -i nfs-utils
> > The following package will be upgraded:
> >    nfs-utils 2.4.2 → 2.4.2
> > /gnu/store/chmbpkh0gvvmdhgwjw7rpl63f99mv7i6-nfs-utils-2.4.2
> >
> > nothing to be done
>
> I encountered this too.  Perhaps we should patch some references to
> mount.nfs (from nfs-utils) in the util-linux package which provides
> 'mount'.
>
> In the meantime, you should use "mount.nfs" directly.
>
> I'm opening an issue to track progress on this.
>
> Thank you,
>
> Maxim

^ permalink raw reply	[flat|nested] 10+ messages in thread

* bug#39670: Cannot mount NFS share as user or root
  2020-02-18 21:43   ` Nathan Dehnel
@ 2020-02-18 22:43     ` Maxim Cournoyer
  0 siblings, 0 replies; 10+ messages in thread
From: Maxim Cournoyer @ 2020-02-18 22:43 UTC (permalink / raw)
  To: 39670, ncdehnel

Hello,

On February 18, 2020 9:43:29 PM UTC, Nathan Dehnel <ncdehnel@gmail.com> wrote:
>bash-5.0$ mount.nfs gentooserver:/ /media/store
>mount.nfs: permission denied: no match for /media/store found in
>/etc/fstab
>
>bash-5.0$ cat /etc/fstab | grep /media/store
>gentooserver:/ /media/store nfs4
>rw,_netdev,noauto,user,lazytime,exec,tcp
>
>?

Did you try as root?

Maxim

^ permalink raw reply	[flat|nested] 10+ messages in thread

* bug#39670: Cannot mount NFS share as user or root
  2020-02-18 21:33 ` bug#39670: " Maxim Cournoyer
  2020-02-18 21:43   ` Nathan Dehnel
@ 2020-02-20 16:25   ` maxim.cournoyer
  2020-05-28  3:11     ` Maxim Cournoyer
  1 sibling, 1 reply; 10+ messages in thread
From: maxim.cournoyer @ 2020-02-20 16:25 UTC (permalink / raw)
  To: Maxim Cournoyer; +Cc: Nathan Dehnel, 39670

Hello,

Maxim Cournoyer <maxim.cournoyer@gmail.com> writes:
>
> I encountered this too.  Perhaps we should patch some references to
> mount.nfs (from nfs-utils) in the util-linux package which provides
> 'mount'.
>
> In the meantime, you should use "mount.nfs" directly.

I've looked into patching util-linux to reference explicitly the
mount.nfs helper, and I think this should do it:

--8<---------------cut here---------------start------------->8---
modified   libmount/src/context.c
@@ -1939,8 +1939,13 @@ int mnt_context_prepare_helper(struct libmnt_context *cxt, const char *name,
 		struct stat st;
 		int rc;
 
-		rc = snprintf(helper, sizeof(helper), "%s/%s.%s",
-						path, name, type);
+		if (startswith(type, "nfs")) {
+		  rc = snprintf(helper, sizeof(helper), "/gnu/store/c7kpr1jh5z3mrkz0yw9am86851y57cq7-nfs-utils-2.4.2/sbin/mount.nfs");
+		} else {
+		  rc = snprintf(helper, sizeof(helper), "%s/%s.%s",
+				path, name, type);
+		}
+
 		path = strtok_r(NULL, ":", &p);
 
 		if (rc < 0 || (size_t) rc >= sizeof(helper))

--8<---------------cut here---------------end--------------->8---

But, adding nfs-utils to util-linux creates a dependency cycle which is
bothersome to resolve (nfs-utils requires eudev through lvm2, as well as
util-linux itself).

I've also realised that when I was using 'sudo mount.nfs ...' it
wouldn't work because it'd look up the root user's PATH for the helper.
'sudo -E mount.nfs ...' should work.

We should document that the 'nfs-utils' package needs to be added to the
operating system declaration packages field when NFS file systems are
used.

Maxim

^ permalink raw reply	[flat|nested] 10+ messages in thread

* bug#39670: Cannot mount NFS share as user or root
  2020-02-20 16:25   ` maxim.cournoyer
@ 2020-05-28  3:11     ` Maxim Cournoyer
       [not found]       ` <CAEEhgEt109hcO1STeYv8rWT1hcn+K+JK-AO_1jvP6hJv8etf5w@mail.gmail.com>
  0 siblings, 1 reply; 10+ messages in thread
From: Maxim Cournoyer @ 2020-05-28  3:11 UTC (permalink / raw)
  To: Nathan Dehnel; +Cc: 39670-done

I thought documenting this, but we don't really have a section to cover
this, and it isn't really Guix specific...

So, closing.

Thank you.

Maxim




^ permalink raw reply	[flat|nested] 10+ messages in thread

* bug#39670: Cannot mount NFS share as user or root
       [not found]           ` <CAEEhgEtAeoxDcNQdR4BHx+9BCZq=9w5-A+Y0-J1L6Jf8rfFKkA@mail.gmail.com>
@ 2020-09-25  1:53             ` Maxim Cournoyer
  2020-10-01 19:49               ` Maxim Cournoyer
  0 siblings, 1 reply; 10+ messages in thread
From: Maxim Cournoyer @ 2020-09-25  1:53 UTC (permalink / raw)
  To: Nathan Dehnel; +Cc: 39670

Hi,

Nathan Dehnel <ncdehnel@gmail.com> writes:

> Right, but it's more inconvenient than just clicking the share in thunar
> and it mounting. Actually, I can't mount it without doing "sudo" first,
> despite having the "user" fstab flag set. This actually might be a separate
> issue, but I'm not sure.

That's a good point.  We should try to make this simpler.  The mount.nfs
binary needs to be setuid root to allow unprivileged users to mount NFS
file systems.  Unfortunately, the mount command (which we already define
as setuid-root) only looked for helpers under /run/current/profile/sbin.
This is now fixed in commit def6e2ae4619587114383b3f8fd9f3cf8310b4b9
(which had to be made on core-updates).

> Why doesn't the regular "mount" command work, again? Some sort of
> dependency loop because of the functional package manager? And this is
> deemed "not guix-specific"?

For some file systems, 'mount' requires helper to be found in its PATH
(see: "man mount").  That is true on any systems (not Guix-specific).
These helpers are not installed out-of-the-box on Guix System, so you
need to add them yourself to the 'packages' operating system field.

If you also want to be able to use mount as an unprivileged user, the
mount command as well as its helpers must all be setuid-root.  Again,
this is something (for the helpers) that must currently done manually by
adding, for example:

--8<---------------cut here---------------start------------->8---
(setuid-programs (cons*
                   (file-append nfs-utils "/sbin/mount.nfs")
                   (file-append ntfs-3g "/sbin/mount.ntfs-3g")
                   %setuid-programs))
--8<---------------cut here---------------end--------------->8---

I've sent a patch for review which proposes to add these setuid-root binaries for
desktop users out-of-the-box on Guix System, which only adds about 4 MiB
to the almost 3 GiB closure of the lightweight-desktop.tmpl system [0].

As mentioned before, it depends on a change to util-linux that had to be
made on the core-updates branch, so it won't be usable until the next
core-updates merge.

Maxim

[0]  https://debbugs.gnu.org/cgi/bugreport.cgi?bug=43604




^ permalink raw reply	[flat|nested] 10+ messages in thread

* bug#39670: Cannot mount NFS share as user or root
  2020-09-25  1:53             ` Maxim Cournoyer
@ 2020-10-01 19:49               ` Maxim Cournoyer
  2020-10-02 23:08                 ` Nathan Dehnel
  0 siblings, 1 reply; 10+ messages in thread
From: Maxim Cournoyer @ 2020-10-01 19:49 UTC (permalink / raw)
  To: Nathan Dehnel; +Cc: 39670-done

Hi!

> Nathan Dehnel <ncdehnel@gmail.com> writes:
>
>> Right, but it's more inconvenient than just clicking the share in thunar
>> and it mounting. Actually, I can't mount it without doing "sudo" first,
>> despite having the "user" fstab flag set. This actually might be a separate
>> issue, but I'm not sure.
>
> That's a good point.  We should try to make this simpler.  The mount.nfs
> binary needs to be setuid root to allow unprivileged users to mount NFS
> file systems.  Unfortunately, the mount command (which we already define
> as setuid-root) only looked for helpers under /run/current/profile/sbin.
> This is now fixed in commit def6e2ae4619587114383b3f8fd9f3cf8310b4b9
> (which had to be made on core-updates).
>

[...]

> I've sent a patch for review which proposes to add these setuid-root binaries for
> desktop users out-of-the-box on Guix System, which only adds about 4 MiB
> to the almost 3 GiB closure of the lightweight-desktop.tmpl system [0].
>
> As mentioned before, it depends on a change to util-linux that had to be
> made on the core-updates branch, so it won't be usable until the next
> core-updates merge.

This patch has now been merged with commit d40c9f6c85.

Closing!

Thank you,

Maxim




^ permalink raw reply	[flat|nested] 10+ messages in thread

* bug#39670: Cannot mount NFS share as user or root
  2020-10-01 19:49               ` Maxim Cournoyer
@ 2020-10-02 23:08                 ` Nathan Dehnel
  2020-10-13  3:22                   ` Maxim Cournoyer
  0 siblings, 1 reply; 10+ messages in thread
From: Nathan Dehnel @ 2020-10-02 23:08 UTC (permalink / raw)
  To: Maxim Cournoyer; +Cc: 39670-done

[-- Attachment #1: Type: text/plain, Size: 1469 bytes --]

You should also setuid mount.nfs4 because the mount command calls that if
you are using NFSv4.

On Thu, Oct 1, 2020 at 2:47 PM Maxim Cournoyer <maxim.cournoyer@gmail.com>
wrote:

> Hi!
>
> > Nathan Dehnel <ncdehnel@gmail.com> writes:
> >
> >> Right, but it's more inconvenient than just clicking the share in thunar
> >> and it mounting. Actually, I can't mount it without doing "sudo" first,
> >> despite having the "user" fstab flag set. This actually might be a
> separate
> >> issue, but I'm not sure.
> >
> > That's a good point.  We should try to make this simpler.  The mount.nfs
> > binary needs to be setuid root to allow unprivileged users to mount NFS
> > file systems.  Unfortunately, the mount command (which we already define
> > as setuid-root) only looked for helpers under /run/current/profile/sbin.
> > This is now fixed in commit def6e2ae4619587114383b3f8fd9f3cf8310b4b9
> > (which had to be made on core-updates).
> >
>
> [...]
>
> > I've sent a patch for review which proposes to add these setuid-root
> binaries for
> > desktop users out-of-the-box on Guix System, which only adds about 4 MiB
> > to the almost 3 GiB closure of the lightweight-desktop.tmpl system [0].
> >
> > As mentioned before, it depends on a change to util-linux that had to be
> > made on the core-updates branch, so it won't be usable until the next
> > core-updates merge.
>
> This patch has now been merged with commit d40c9f6c85.
>
> Closing!
>
> Thank you,
>
> Maxim
>

[-- Attachment #2: Type: text/html, Size: 2045 bytes --]

^ permalink raw reply	[flat|nested] 10+ messages in thread

* bug#39670: Cannot mount NFS share as user or root
  2020-10-02 23:08                 ` Nathan Dehnel
@ 2020-10-13  3:22                   ` Maxim Cournoyer
  0 siblings, 0 replies; 10+ messages in thread
From: Maxim Cournoyer @ 2020-10-13  3:22 UTC (permalink / raw)
  To: Nathan Dehnel; +Cc: 39670

Hello Nathan,

Nathan Dehnel <ncdehnel@gmail.com> writes:

> You should also setuid mount.nfs4 because the mount command calls that if
> you are using NFSv4.

[...]

I don't think that's necessary, if your program simply calls to the
'mount' command:

sudo strace -f -s200 mount localhost:/pub /tmp/pub

--8<---------------cut here---------------start------------->8---
[...]
[pid 19019] execve("/run/current-system/profile/sbin/mount.nfs", ["/run/current-system/profile/sbin/mount.nfs", "localhost:/pub", "/tmp/pub", "-o", "rw"], 0x7fff431b5038 /* 21 vars */) = 0
[...]
--8<---------------cut here---------------end--------------->8---

You see that mount ends up calling the mount.nfs binary, not mount.nfs4
(even though 'mount' reports this is using NFS v4.2).

If you have some software using mount.nfs4, that could be patched to
mount.nfs, as mount.nfs4 is just a symlink to mount.nfs.

Thanks,

Maxim




^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2020-10-13  3:23 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-02-18  1:08 Cannot mount NFS share as user or root Nathan Dehnel
2020-02-18 21:33 ` bug#39670: " Maxim Cournoyer
2020-02-18 21:43   ` Nathan Dehnel
2020-02-18 22:43     ` Maxim Cournoyer
2020-02-20 16:25   ` maxim.cournoyer
2020-05-28  3:11     ` Maxim Cournoyer
     [not found]       ` <CAEEhgEt109hcO1STeYv8rWT1hcn+K+JK-AO_1jvP6hJv8etf5w@mail.gmail.com>
     [not found]         ` <87y2kzvmc2.fsf@gmail.com>
     [not found]           ` <CAEEhgEtAeoxDcNQdR4BHx+9BCZq=9w5-A+Y0-J1L6Jf8rfFKkA@mail.gmail.com>
2020-09-25  1:53             ` Maxim Cournoyer
2020-10-01 19:49               ` Maxim Cournoyer
2020-10-02 23:08                 ` Nathan Dehnel
2020-10-13  3:22                   ` Maxim Cournoyer

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.