NFS Mount noexec flag appear event though it is not explicit

pedro_rocha · ‎2020-07-29

Hello,

Customer used to mount an NFS share on a 7-mode system using the following string:

IP:/EXPORT /MountPoint nfs rw,user,nolock,vers=3,bg,soft,acl,_netdev 0 0

He told me he has always been able to execute files inside the mount point (regardless of the user flag which has noexec as an implication).

So, recently, the volume the export above was migrated to ONTAP (9.7). Customer continued to mount with the same NFS mount options, but now the OS is recognizing the noexec flag.

IP:/EXPORT /MountPoint nfs rw,nosuid,nodev,noexec,relatime,...

Customer asked if there is any option on ONTAP (export or volume) that changed the behaviour. Any thoughts?

I told him that when using the user flag, he must explicitly user the exec flag after it to have the desired executions permissions.

Regards,

Pedro

parisi · ‎2020-08-03

There probably is some server side option/export policy option doing this. When mounting, it's probably autonegotiating. Either that, or the client is sending the request.

However, I was unable to reproduce it.

- What is the volume security style?

- What is the output of the following:

- set diag; nfs server show -instance

- set diag; export-policy rule show -instance

You may want to collect a packet capture of the issue and open a support case.

pedro_rocha · ‎2020-08-04

Hi,

Thanks for answering.

Here it is:

- What is the volume security style? UNIX

- What is the output of the following:

- set diag; nfs server show -instance

attached nfs01.txt file

- set diag; export-policy rule show -instance

attached nfs02.txt file

Kind regards,

Pedro Rocha.