[OFF TOPIC] : setuid() on nfs mounted root file system.

ADAM Sulmicki (adam@cfar.umd.edu)
Mon, 15 Dec 1997 13:19:55 -0500 (EST)

Yes, I know it is off topic (or maybe not??), but I'm desperate. I've been
trying to find an answer for a few good months, and I have looked everywhere.
I just need someone who knows the kernel, libc, nfs and nfsd well to tell me
where the problem could possibly lie.

I'm trying to boot a "diskless" machine. It boots successfully, so it
obviously has an nfs mounted root file system ("/"). I can log in as root and
do anything without any problems. However, for some odd reason, after I set
a different uid I can't do anything else. It is based on RH 4.2 w/ shadows
and PAM.

As I said, everything works fine as long as it is root, but as soon as I try
to change uid/gid there are problems. Here are some examples.

[root@sf /]# su foo
su: cannot run /bin/bash: Permission denied

[root@sf /]# telnet localhost
Connected to localhost.
Escape character is '^]'.
login: foo
No directory /foo!
Connection closed by foreign host.

The permissions for bash of course are fine and the dir /foo exists w/
proper permissions. The nfs root is exported properly as well; the
corresponding line from /etc/exports of the nfs server is fine as well.

-rwxr-xr-x 1 root root 300668 Sep 3 1996 /bin/bash
drwxrwxr-x 3 foo foo 1024 Dec 13 12:42 foo
/tftpboot.sf sf.some.domain(rw,no_root_squash)

I have written a simple program which tries to setuid() itself.
From an initial look it seems that after it setuids itself to some "plain" user
it can't do anything. For example, here is the main body of the program.

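#include <iostream>
#include <cstdio>
#include <pwd.h>
#include <unistd.h>
using namespace std;

int main()
{
    // look up the passwd entry for the current (root) uid
    uid_t caller = getuid();
    struct passwd *user = getpwuid(caller);
    cout << user << endl;           // prints the pointer; 0 means no entry
    if (!user) perror("getpwuid()");

    int err = setuid(500);          // switch to a "plain" user
    if (err) perror("setuid()");

    // repeat the same lookup as uid 500
    caller = getuid();
    user = getpwuid(caller);
    cout << user << endl;
    if (!user) perror("getpwuid()");
}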

When we run it on a plain file system w/ root coming from a hdd, it returns
pointers to entries in passwd ..

[root@eax PPP]# ./a.out

But if I run it on the system w/ nfs mounted hdd I get nils instead.

[root@sf /]# ./a.out
getpwuid(): Permission denied
[root@sf /]#

Any help? I'm really desperate..