From: Peter Staubach <staubach@redhat.com>
To: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Chuck Lever <chuck.lever@oracle.com>,
trond.myklebust@fys.uio.no, linux-nfs@vger.kernel.org
Subject: Re: [PATCH] NFS: Change default behavior when "sec=" is not specified by user
Date: Tue, 01 Sep 2009 14:52:44 -0400 [thread overview]
Message-ID: <4A9D6D7C.60501@redhat.com> (raw)
In-Reply-To: <20090901185011.GC27726@fieldses.org>
J. Bruce Fields wrote:
> On Tue, Sep 01, 2009 at 02:33:50PM -0400, Peter Staubach wrote:
>> Chuck Lever wrote:
>>> On Sep 1, 2009, at 12:38 PM, J. Bruce Fields wrote:
>>>
>>>> On Tue, Sep 01, 2009 at 12:29:30PM -0400, Chuck Lever wrote:
>>>>> On Sep 1, 2009, at 12:09 PM, J. Bruce Fields wrote:
>>>>>> And, sure, that'd be OK with me, and would probably be better than
>>>>>> adding another exception, so I'm OK with skipping #3. (We definitely
>>>>>> shouldn't omit #2, though.)
>>>>> Seems straightforward enough, but... Why are we doing this again? It
>>>>> still seems like non-standard behavior. Are we simply attempting to
>>>>> avoid the case where folks would get the "nobody" behavior unexpectedly
>>>>> because of a mountd bug, or is there more to it?
>>>> That's all there is to it. As I said:
>>>>
>>>>>>>>>> 2. In the absence of sec=, we should probably *not* choose
>>>>>>>>>> AUTH_NULL. (All mountd's before 1.1.3 list AUTH_NULL first on
>>>>>>>>>> the returned list, so users with older servers may wonder why a
>>>>>>>>>> client upgrade is making files they create suddenly be owned by
>>>>>>>>>> nobody.) http://marc.info/?l=linux-nfs&m=125089022306281&w=2
>>>>> I'm just thinking of what the documenting comment might say, and perhaps
>>>>> some explanation added to nfs(5).
>>>> "As a special case, to work around bugs in some older servers, the
>>>> client will never automatically negotiate auth_null; if auth_null is
>>>> desired, an explicit "sec=null" on the commandline is required."
>>>>
>>>> Or something like that.
>>> OK, one more corner case.
>>>
>>> What if the mount doesn't specify "sec=" and the only flavor in the
>>> server's auth list is AUTH_NULL? Seems like we should allow that one.
>>>
>> Some servers will accept any flavor of incoming RPC security
>> and just use AUTH_NULL in this situation. It really shouldn't
>> matter what the client sends, as long as the server is just
>> going to map all requests to nobody/nobody anyway...
>
> OK, but let's not pile on more workarounds than we have to. I don't see
> any reason that we really need to do anything special for servers that
> are broken in *that* particular way....
>
I don't think that that is considered to be broken, by the way.
I am not sure whether it still works this way, but I know that
Solaris used to work this way, at the very least.
Since I clearly haven't looked, but why would the Linux NFS
server care which flavor that it got sent, if the export is
configured to map all requests to nobody/nobody?
ps
next prev parent reply other threads:[~2009-09-01 18:52 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-09-01 14:31 [PATCH] NFS: Change default behavior when "sec=" is not specified by user Chuck Lever
[not found] ` <20090901143012.3978.11441.stgit-RytpoXr2tKZ9HhUboXbp9zCvJB+x5qRC@public.gmane.org>
2009-09-01 15:05 ` J. Bruce Fields
2009-09-01 15:10 ` Chuck Lever
2009-09-01 15:18 ` J. Bruce Fields
2009-09-01 15:52 ` Chuck Lever
2009-09-01 16:09 ` J. Bruce Fields
2009-09-01 16:29 ` Chuck Lever
2009-09-01 16:38 ` J. Bruce Fields
2009-09-01 18:07 ` Chuck Lever
2009-09-01 18:21 ` J. Bruce Fields
2009-09-01 18:25 ` Trond Myklebust
[not found] ` <1251829540.18608.31.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2009-09-01 18:28 ` Trond Myklebust
[not found] ` <1251829737.18608.34.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2009-09-01 18:35 ` Trond Myklebust
2009-09-01 18:58 ` Chuck Lever
2009-09-01 19:31 ` Trond Myklebust
[not found] ` <1251833479.18608.69.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2009-09-01 19:33 ` Trond Myklebust
2009-09-01 20:10 ` Chuck Lever
2009-09-01 20:15 ` J. Bruce Fields
2009-09-01 20:31 ` Chuck Lever
2009-09-01 21:22 ` Trond Myklebust
[not found] ` <1251840160.8463.20.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2009-09-02 14:16 ` Chuck Lever
2009-09-01 18:33 ` Peter Staubach
2009-09-01 18:50 ` J. Bruce Fields
2009-09-01 18:52 ` Peter Staubach [this message]
2009-09-01 19:16 ` J. Bruce Fields
2009-09-01 19:24 ` Peter Staubach
2009-09-01 20:05 ` J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A9D6D7C.60501@redhat.com \
--to=staubach@redhat.com \
--cc=bfields@fieldses.org \
--cc=chuck.lever@oracle.com \
--cc=linux-nfs@vger.kernel.org \
--cc=trond.myklebust@fys.uio.no \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.