NFS: client permission error after adding user to permissible group
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Fix Committed | Medium | Chengen Du |
Bionic | Fix Released | Medium | Chengen Du |
Focal | Fix Released | Medium | Chengen Du |
Jammy | Fix Released | Medium | Chengen Du |
Kinetic | Fix Released | Medium | Chengen Du |
Lunar | Fix Committed | Medium | Chengen Du |
Bug Description
[Impact]
The NFS client's access cache becomes stale due to the user's group membership changing on the server after the user has already logged in on the client.
The access cache only expires if either NFS_INO_
Adding a user to a group in the NFS server will not cause any file attributes to change.
The client will encounter permission errors until other file attributes are changed or the memory cache is dropped.
[Fix]
The access cache shall be cleared once the user logs out and logs back in again.
0eb43812c0270ee
029085b8949f5d2
5e9a7b9c2ea1855
[Test Plan]
1. [client side] testuser is not part of testgroup
testuser@
drwxrwx--- 2 root testgroup 4096 Nov 24 08:23 /mnt/private/
testuser@
mktemp: failed to create file via template
‘/mnt/
2. [server side] add testuser into testgroup, which has access to folder
root@kinetic:~$ usermod -aG testgroup testuser &&
echo `date +'%s'` > /proc/net/
3. [client side] create a file again but still fail
testuser@
mktemp: failed to create file via template
‘/mnt/
[Where problems could occur]
The fix will apply upstream commits, so the regression can be considered as low.
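A minimal model of the behaviour described under [Impact] and [Fix], replaying the three test-plan steps. It is an added example, not kernel code and not taken from the upstream commits. The struct and function names are hypothetical, the timestamps are constructed, and modelling the fix as a comparison between the entry's timestamp and the user's login time is an assumption of this sketch.

```c
/* Simplified model of the client access cache; not kernel code.
 * All names are hypothetical and all values are constructed. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAY_WRITE 0x2

struct server { bool in_group; uint64_t change_attr; };
struct entry  { bool valid; int mask; uint64_t change_attr, cached_at; };

/* Server-side ACCESS on drwxrwx--- root:testgroup: only group members write. */
static int server_access(const struct server *s) { return s->in_group ? MAY_WRITE : 0; }

/* Client-side check. Comparing change_attr stands in for attribute
 * revalidation. With login_fix, an entry stored before the user's login
 * time is discarded (assumed mechanism for "cleared on re-login"). */
static bool client_may_write(struct entry *e, const struct server *s,
                             uint64_t now, uint64_t login, bool login_fix)
{
    bool fresh = e->valid && e->change_attr == s->change_attr;
    if (fresh && login_fix && e->cached_at < login)
        fresh = false;
    if (!fresh) {                      /* ask the server and cache the answer */
        e->valid = true;
        e->mask = server_access(s);
        e->change_attr = s->change_attr;
        e->cached_at = now;
    }
    return (e->mask & MAY_WRITE) != 0;
}

/* Replays the test plan and returns the outcome of step 3. */
static bool replay(bool login_fix, bool relogin)
{
    struct server s = { false, 1 };
    struct entry e = { 0 };
    client_may_write(&e, &s, 20, 10, login_fix);  /* step 1: denied and cached */
    s.in_group = true;          /* step 2: usermod -aG, file attributes unchanged */
    /* step 3 at t=40; a re-login at t=30 moves the login time forward */
    return client_may_write(&e, &s, 40, relogin ? 30 : 10, login_fix);
}

int main(void)
{
    printf("unfixed+relogin=%d fixed=%d fixed+relogin=%d\n",
           replay(false, true), replay(true, false), replay(true, true));
    return 0;
}
```
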
Changed in linux (Ubuntu Bionic):
status: Incomplete → In Progress
Changed in linux (Ubuntu Focal):
status: Incomplete → In Progress
Changed in linux (Ubuntu Jammy):
status: Incomplete → In Progress
Changed in linux (Ubuntu Kinetic):
status: Incomplete → In Progress
Changed in linux (Ubuntu Lunar):
status: Incomplete → In Progress
Changed in linux (Ubuntu Bionic):
assignee: nobody → ChengEn, Du (chengendu)
Changed in linux (Ubuntu Focal):
assignee: nobody → ChengEn, Du (chengendu)
Changed in linux (Ubuntu Jammy):
assignee: nobody → ChengEn, Du (chengendu)
Changed in linux (Ubuntu Kinetic):
assignee: nobody → ChengEn, Du (chengendu)
Changed in linux (Ubuntu Lunar):
assignee: nobody → ChengEn, Du (chengendu)
tags: added: bionic focal jammy kinetic lunar sts
Changed in linux (Ubuntu Jammy):
importance: Undecided → Medium
Changed in linux (Ubuntu Kinetic):
importance: Undecided → Medium
Changed in linux (Ubuntu Jammy):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Kinetic):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Focal):
importance: Undecided → Medium
Changed in linux (Ubuntu Bionic):
importance: Undecided → Medium
Changed in linux (Ubuntu Lunar):
importance: Undecided → Medium
Changed in linux (Ubuntu Focal):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Lunar):
status: In Progress → Fix Committed
This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:
apport-collect 2003053
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.