unix - Why my setting with NFS and setuid not working in Linux

08
2014-07
  • Marcus Thornton

    I'm using Linux. On machine A I have this NFS setting in /etc/exports:

    /home 10.0.129.130(rw,no_root_squash)
    

    I mount this directory on machine A on /home/nfs/ on machine B. And I've set setuid using chmod u+x program1.sh.

    On machine B I want user xyz to run the program1.sh using root privilege. The setting of program1.sh is like below:

    -rwsr-x--- 1 root house 1299 May 15 23:54 program1.sh
    

    , which contains mkdir -p /home/nfs/house/nsx/

    I set xyz to be in the group house so that xyz can run program1.sh. However, when running program1.sh, it shows:

    mkdir: cannot create directory `/home/nfs/house/nsx/': Permission denied
    

    Running program1.sh as root is OK. I don't know why it's not working with user xyz.

  • Answers
  • alfasin

    Because only root and user nfs have permissions on files/folders under: /home/nfs

  • grawity

    From the name program.sh, I am guessing that you're trying to run an interpreted script, not an ELF binary. Linux has ignored the setuid bit on scripts since long ago, due to possible security issues (race condition between kernel checking the +s bit, and script interpreter opening the file).

    If this script needs to be available to specific users, create a sudo rule in /etc/sudoers that allows this:

    xyz ALL=(root:root) NOPASSWD: /usr/local/bin/program.sh
    

    There might be other solutions. For example, if you want to create home directories automatically (upon first login), the pam_mkhomedir.so PAM module exists for this.
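
The check described in the answer above (setuid bit present, but the file is a "#!" script rather than an ELF binary), as an added example that is not part of the original thread. It goes one step beyond the thread by also checking for the `nosuid` mount option, which makes the kernel ignore setuid bits on that filesystem. The function names and verdict strings are hypothetical.

```shell
#!/bin/sh
# Added example: report why the setuid bit on a file has no effect.
# Function names and verdict strings are hypothetical, not from the thread.

# Print the options of the longest mount point that is a prefix of the
# absolute path $1. $2 is a table in /proc/mounts format (the default).
mount_opts_for() {
    awk -v p="$1" '
        { m = $2; if (m != "/") m = m "/" }
        index(p "/", m) == 1 && length(m) >= best { best = length(m); opts = $4 }
        END { print opts }' "${2:-/proc/mounts}"
}

# Print what the kernel would load: script (starts with "#!"), elf, or other.
exec_kind() {
    magic=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')
    case $magic in
        2321*)    echo script ;;
        7f454c46) echo elf ;;
        *)        echo other ;;
    esac
}

# Print a one-word verdict for file $1 (absolute path).
setuid_verdict() {
    [ -u "$1" ] || { echo no-setuid-bit; return 0; }
    case ",$(mount_opts_for "$1" "${2:-/proc/mounts}")," in
        *,nosuid,*) echo nosuid-mount; return 0 ;;
    esac
    case $(exec_kind "$1") in
        script) echo script-setuid-ignored ;;   # kernel drops setuid for "#!" files
        elf)    echo setuid-honoured ;;
        *)      echo unknown-format ;;
    esac
}

# Stand-alone use: pass an absolute path as the first argument.
if [ "$#" -gt 0 ]; then setuid_verdict "$1"; fi
```

A `script-setuid-ignored` verdict is the case the sudo rule in the answer addresses.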


  • Related Question

    linux - Setting up NFS server on Gentoo
  • StackedCrooked

    I'm trying to set up an NFS server on a Gentoo VM. I've installed nfs-utils-1.2.2 and added the following line to the /etc/exports file:

    /root/svn 10.0.0.0/255.0.0.0(rw,sync,no_subtree_check)
    

    However, when I try to start the nfs service I get the following errors:

    gentoo-amd64-francis orig # /etc/init.d/nfs start
    FATAL: Could not load /lib/modules/2.6.24-9-pve/modules.dep: No such file or directory
     * Exporting NFS directories ...                                                          [ ok ]
     * Starting NFS mountd ...                                                                [ !! ]
     * Starting NFS daemon ...                                                                [ !! ]
     * Starting NFS smnotify ...                                                              [ ok ]
    

    It complains about not finding the /lib/modules/2.6.24-9-pve/modules.dep file, but the /lib/modules directory doesn't even exist on this machine.

    Does anyone know how to get it to work?


  • Related Answers
  • Jim T

    The FATAL error is caused by modprobe being run to insert the nfsd module.

    Since there's no modules directory, I'm assuming that you're running a completely module free kernel. If this isn't the case, you'll need to go to your kernel source directory (usually /usr/src/linux) and run "make modules_install" to create this directory.

    The service startup script only tries to load the module if it can't find the nfsd filesystem in the list of supported filesystems (cat /proc/filesystems to look at this yourself). Having this situation in a module free kernel implies that nfs has not been compiled into the kernel. nfs-utils is just the userspace side to get nfs working, the actual guts of it needs to be compiled into the kernel. Run make menuconfig in your kernel source directory to check this.

    Hope this helps!