We are setting up a couple of file servers using ZFS to replace our old Debian file servers. We have been using netgroups to allow a group of admin machines to access the files without remapping root to nobody(no_root_squash on linux and -maproot=0 on FreeBSD). All of our machines that access the nfs servers are in the utm netgroup. We use an export line for that netgroup to restrict rw access to our nfs servers. So, our exports file in FreeBSD looks like(there are more lines, but they all look like these with the filesystem changed): /thinkmate1 -maproot=0 admin /thinkmate1 utm When mountd is started, it logs: Oct 8 16:37:21 thinkmate2 mountd[2242]: bad exports list line /thinkmate1 utm mountd -d shows the following the 2nd time a filesystem is exported: mountd: can't change attributes for /thinkmate1 When I try to mount /thinkmate1 from an admin machine, it works. Also, root is able to read and write any files. When I try to mount on a non-admin machine, the client reports that it was denied by the server. If I reverse the exports lines, all hosts in the utm netgroup can access /thinkmate1, but root on admin hosts is mapped to nobody. I discovered that some hostnames are found in both the admin and utm netgroups. When I took the admin hosts out of the utm netgroup, everything worked. This is not a problem on either Linux or Solaris. Fix: The workaround is to clean up duplicate netgroup entries. It looks like each host can only be in one netgroup. How-To-Repeat: 1) Create the following files. /etc/netgroup(replace 4 spaces with tab): admin \ (hosta,,domain) domain \ (hosta,,domain) \ (hostb,,domain) /etc/exports: /export -maproot=0 admin /export domain 2) Restart mountd. 3) Try to nfs mount /export from hostb.
Responsible Changed From-To: freebsd-bugs->freebsd-fs Over to maintainer(s).
For bugs matching the following criteria: Status: In Progress Changed: (is less than) 2014-06-01 Reset to default assignee and clear in-progress tags. Mail being skipped