nfs buggery on nas326

Post Reply
zyxtie
Posts: 3
Joined: Wed Mar 15, 2017 3:25 pm

nfs buggery on nas326

Post by zyxtie » Wed Mar 15, 2017 4:09 pm

hi,

I've been struggling with getting nfd to do what I want. I used the plugin via the webinterface to export a share and only allow access to 2 IPs, however when I checked the /etc/exports via ssh I discovered it exported the share to * as well :roll:

Code: Select all

~ # ls -alh /etc/exports
lrwxrwxrwx    1 root     root          37 Mar 12 04:37 /etc/exports -> /i-data/72a1319b/.PKG/NFS/etc/exports

~ # ls -alh /i-data/72a1319b/.PKG/NFS/etc/exports
-rw-rw-rw-    1 root     root         248 Mar 12 04:37 /i-data/72a1319b/.PKG/NFS/etc/exports

~ # cat /i-data/72a1319b/.PKG/NFS/etc/exports
/i-data/72a1319b/nfs/openstack 192.168.1.20(rw,sync,no_subtree_check,wdelay,no_root_squash) 192.168.1.151(rw,sync,no_subtree_check,wdelay,no_root_squash) #
/i-data/72a1319b/nfs *(rw,sync,crossmnt,fsid=0,no_subtree_check,wdelay,no_root_squash) #
the second line in the exports file is the one I don't want (and didn't configure, but I guess the nfs plugin is buggy, so it added the *, aka "open to all" option for me...)

so no problem I thought I just edit /etc/exports file with vi and run an exportfs, but it persists in the * line, rebooting the nas, also returns the second line in the /etc/exports file, since it's /etc/exports file lives on internal storage (/i-data/72a1319b) I would have expected my edits to 'stick', but somehow they don't

Anyone knows how I can persistently edit the /etc/exports file? Or alternatively can I achieve the same result I want (ie only allow access to 192.168.1.20 and 192.168.1.151) by installing the iptables opkg?

Mijzelf
Posts: 6224
Joined: Mon Jun 16, 2008 10:45 am

Re: nfs buggery on nas326

Post by Mijzelf » Thu Mar 16, 2017 11:37 am

iptables is not going to work, I think. The iptables kernel modules are not implemented in the kernel, and they can't be added later.

Your evil code can be found in the NFS startscript, /i-data/sysvol/.PKG/NFS/etc/init.d/NFS. In function nfs_export_ini() that line is added. You can just remove the call in start_nfs(), and see if your NAS explodes.

zyxtie
Posts: 3
Joined: Wed Mar 15, 2017 3:25 pm

Re: nfs buggery on nas326

Post by zyxtie » Mon Mar 20, 2017 3:07 pm

good catch that did the trick, thx :!:

Post Reply