From: "J. Bruce Fields" <bfields@fieldses.org>
To: "Myklebust, Trond" <Trond.Myklebust@netapp.com>
Cc: NeilBrown <neilb@suse.de>, NFS <linux-nfs@vger.kernel.org>
Subject: Re: Inconsistency when mounting a directory that 'world' cannot access.
Date: Wed, 3 Oct 2012 12:27:28 -0400
Message-ID: <20121003162728.GE14313@fieldses.org>
In-Reply-To: <4FA345DA4F4AE44899BD2B03EEEC2FA909001D77@SACEXCMBX04-PRD.hq.netapp.com>

On Wed, Oct 03, 2012 at 03:48:43PM +0000, Myklebust, Trond wrote:
> On Wed, 2012-10-03 at 11:13 -0400, J. Bruce Fields wrote:
> > On Wed, Oct 03, 2012 at 01:46:29PM +1000, NeilBrown wrote:
> > > On Tue, 2 Oct 2012 10:33:34 -0400 "J. Bruce Fields" <bfields@fieldses.org>
> > > wrote:
> > > 
> > > > I guess you're right.  So it starts to sound more like: "you have a
> > > > confusing setup.  Your export configuration says one thing, and your
> > > > filesystem permissions say another.  Under NFSv3 the confusion didn't
> > > > matter, but now it does--time to fix it."
> > > > 
> > > 
> > > That's the best I could come to - I'm glad to have it confirmed.  Thanks!
> > > 
> > > It is unfortunate that Linux NFS uses an anon credential to mount when krb5
> > > is in use, and uses 'root' when auth_sys is used (which might be anon if
> > > "root_squash" is active, but might not).
> > > I wonder if it would work to use auth_none for the mount-time lookup, just
> > > for consistency..
> > > 
> > > Is the following appropriate?  Is there somewhere better to put this caveat?
> > 
> > Unfortunately, it's more complicated than this, as it depends on client
> > implementation and configuration details.
> > 
> > Something like this would be more accurate but possibly too long:
> > 
> > 	Note that under NFSv2 and NFSv3, the mount path is traversed by
> > 	mountd acting as root, but under NFSv4 the mount path is looked
> > 	up using the client's credentials.  This means that, for
> > 	example, if a client mounts using a krb5 credential that the
> > 	server maps to an "anonymous" user, then the mount will only
> > 	succeed if that directory and all its parents allow eXecute
> > 	permissions.
> 
> So you're listing this as a "feature" rather than a bug? There should be
> no reason to constrain the pseudofs to use the permission checks from
> the underlying filesystem.

I'd be fine with that.

(That still leaves some subtle v3/v4 difference in the case of mount
paths underneath an export?

What *is* the existing mountd behavior there, exactly?  I'm inclined to
think allowing mounts of arbitrary subdirectories is a bug, but maybe
there's some historical reason for it or maybe someone already depends
on it.)

--b.
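
Added example, not part of the original message or of nfs-utils: a Python check of the condition in the proposed note quoted above, listing which directories on a mount path a given uid cannot traverse. It assumes plain mode bits decide access (ACLs and server-side id mapping are ignored) and uses 65534 as a placeholder anonymous uid/gid.

```python
import os
import stat


def can_search(st, uid, gids):
    """Classic Unix mode-bit check for execute (search) on a directory."""
    if uid == 0:                      # root bypasses directory search checks
        return True
    if uid == st.st_uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)


def blocked_components(path, uid, gids):
    """List each directory from / down to path that uid cannot traverse."""
    blocked = []
    current = os.sep
    for part in [""] + [p for p in os.path.realpath(path).split(os.sep) if p]:
        current = os.path.join(current, part)
        if not can_search(os.stat(current), uid, gids):
            blocked.append(current)
    return blocked


if __name__ == "__main__":
    import sys
    export = sys.argv[1] if len(sys.argv) > 1 else "/"
    # 65534 is an assumed anonymous uid/gid; use the server's anonuid/anongid.
    for uid, label in ((0, "root (v2/v3 mountd)"), (65534, "anon (v4 lookup)")):
        bad = blocked_components(export, uid, {65534})
        print(f"{label}: {'ok' if not bad else 'blocked at ' + ', '.join(bad)}")
```

Run it on the server with the exported path as the argument; any directory reported for the anonymous uid is one whose missing execute bit would stop the NFSv4 lookup described in the note.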
