NFS share mounted - so where are the files?

[OneCD]

Hello all,

This is an interesting problem I've encountered on my new Debian Stretch server. But I don't understand what's happening.

SERVER1 (hostname: wocky, IP: 10.0.0.2)

• A sample of lines from /etc/fstab look like this:

  Code: Select all

  /media/archive     /share/archive          none    bind   0       0
  /media/audio       /share/audio            none    bind   0       0
  /media/downloads   /share/downloads        none    bind   0       0

  A sample of lines from /etc/exports look like this:

  Code: Select all

  /share                  *(rw,fsid=0,no_subtree_check,sync)
  /share/archive          10.0.0.10(rw,nohide,sync,no_subtree_check)
  /share/audio            wstation(rw,nohide,sync,no_subtree_check)
  /share/downloads        *(rw,nohide,sync,no_subtree_check)

PC1 (hostname: wstation, IP: 10.0.0.10)

• This PC can mount each of these fine:

  Code: Select all

  $ df -hT
  ...
  wocky:/archive       nfs4       11T  8.1T  2.3T  79% /media/not/archive
  wocky:/audio         nfs4       11T  8.1T  2.3T  79% /media/not/audio
  wocky:/downloads     nfs4       11T  8.1T  2.3T  79% /media/not/downloads
  

PC2 (hostname: laptop, IP: 10.0.0.41)

• This PC can also mount these, but only the last one works correctly:

  Code: Select all

  $ df -hT
  ...
  wocky:/archive       nfs4       11T  8.1T  2.3T  79% /media/not/archive
  wocky:/audio         nfs4       11T  8.1T  2.3T  79% /media/not/audio
  wocky:/downloads     nfs4       11T  8.1T  2.3T  79% /media/not/downloads
  

  The first 2 will mount (and will show as mounted), but only show 2 dot entries (for current and parent directory). The actual files that are contained in those shares are not shown.

Firstly, I don't understand how the mount command can show all 3 as successfully mounted when PC2 shouldn't be able to access the first 2. Unless it's something to do with the first export for /share being *.

Secondly, some sort of phantom mount is being created for each of the first 2. I can write files into the mount point afterward, they appear in directory lists, I can umount the shares, and the files disappear. Remount, and they are back. The disk space is clearly large enough to be SERVER1, but if I search for those files whilst on SERVER1 (using find, etc...), they don't exist.

I have power-cycled all 3 machines.

Hoping someone more experienced with NFS than myself can please advise what's going on here? Where do files placed into these phantom mounts actually write to? I'm at a loss. Please note: I'm not actually trying to get PC2 to mount these - I discovered this by accident and and trying to understand how it happened.

[debiman]

what's the /etc/fstab for the server with the "ghost" mounds?
do you have any reason to believe that there's a security problem?

[OneCD]

Hi debiman,

The fstab shown above is for the server.

No, I'm not thinking security problem - more that it seems I can mount a share from a server onto a local PC that I shouldn't be able to. And having done that, I can write files into that mounted share that cannot be found on the server or the PC.

[debiman]

so you're telling your fstab to mount something - then why are you surprised/confused when that something is there?

it's probably just an empty folder, and has nothing to do with the remote NFS.

[OneCD]

Apologies: I may have not explained this properly.

The fstab mounts are bind mounts that only occur on the server. I included them early on so the community would have the whole picture.

The mounts on each PC are not fstab mounts. Let's keep it simple and say that on PC2 it looks like:

Code: Select all

sudo mount wocky:/audio /media/not/audio

This mount command exits without error. And shows that PC2 has now mounted a remote share from SERVER1 (that it shouldn't have access to). However, the actual files on the server in that share are not visible, so it seems to be mounting a share from somewhere else. Judging by the free space available at this mount point, it must be the server. As I mentioned, I can write files into /media/not/audio and they cannot be found on the server or on PC2. So, where are they being written to?

[debiman]

my apologies, i should have said "show us the fstab from the client with the ghost mounts"

Code: Select all

sudo mount wocky:/audio /media/not/audio

This mount command exits without error. And shows that PC2 has now mounted a remote share from SERVER1 (that it shouldn't have access to).

how does it show that? does it really show that?

[steve_v]

In aid of eliminating some complexity, what happens if you get rid of the bind mounts on the server, and just export the real directories?
I'm not an expert on NFS by any stretch, but this (man page):

The nohide option is currently only effective on single host exports. It does not work reliably with netgroup, subnet, or wildcard exports.

makes me suspicious.

[OneCD]

Just back with a short progress update:

Code: Select all

$ hostname
laptop
$ sudo mount wocky:/audio /media/not/audio
$ echo $?
0
$ df -hT | grep audio
wocky:/audio         nfs4       11T  8.1T  2.3T  79% /media/not/audio

... and checking /media/not/audio reveals an empty directory.

To add to my confusion, I've been checking:

Code: Select all

$ hostname
wocky
$ sudo journalctl -xe

on the server as I've been attempting each mount. When the mount command (shown above) is run on laptop, the server shows no entry in the journal on the server.

But mounts to permitted shares are shown. As are attempted (denied) mounts from PC1 to existing shares - if I change the permitted hosts in /etc/exports to exclude PC1 (wstation).

So, this seems to be a problem on the laptop. I'll keep investigating. Thanks for your suggestions guys.