From: DENIEL Philippe
Subject: Re: [5/8] syscall_cred() a system call that receives alternate CREDs
Date: Mon, 08 Apr 2013 15:54:24 +0200
Message-ID: <5162CC10.3010203@cea.fr>
In-Reply-To: <51629DBE.1060508@panasas.com>
References: <516299A5.8030109@panasas.com> <51629DBE.1060508@panasas.com>
Reply-To: philippe.deniel@cea.fr
To: Boaz Harrosh
Cc: Steven Whitehouse, Steve Dickson, Jeff Layton, lsf-pc@lists.linux-foundation.org, linux-fsdevel, Ganesha NFS List, Frank S Filz, "J. Bruce Fields", "Lieb, Jim", Venkateswararao Jujjuri

I do agree with Boaz and Jim. Being capable of "masquerading" a syscall with someone's credentials would be really useful. In particular, in Ganesha's scope, it is required to properly manage quota (you need to create inodes and write to files as the user if you want those inodes and blocks to be added to the right user's bill).

Philippe

On 04/08/13 12:36, Boaz Harrosh wrote:
> From: Jim Lieb
>
> In current NFS Server (Ganesha) lots of operations become 6 syscalls
> (Or is it 7?)
>
> - setfsuid(), setfsgid(), thread_setgroups()
> - The OP
> - Revert setfsuid(), setfsgid() to root
>
> This is because if we do all these file operations as root then
> FS will not account for the quota a user has on create files,
> data space, and so on.
> (Note that permission checking is done by Ganesha core, because
> we may cache open fd(s) and such not, another topic)
>
> We could maybe with hard work save the last two calls for reverting
> to root, but this will force us to audit lots of code that we are
> not prepared to do right now. And will not save us much.
>
> [thread_setgroups()]
> thread_setgroups() is what we use at Ganesha and what Samba guys use
> for a per-thread setgroups() call. In the Linux Kernel the setgroups is
> actually always per thread. It is only the POSIX (crap) pthread layer
> at glibc that intercepts the setgroups() call (and others), iterates on
> all threads that belong to a process, and calls the native Kernel setgroups
> on them. So thread_setgroups() is just the raw syscall bypassing glibc's
> processing. We will eventually push this API to glibc.
> BTW: this is done exactly the same on FreeBSD, with same exact glibc intervention.
>
> [Proposed]
> What Jim proposed is a syscall that receives a struct that has
> the regular syscalls parameters plus the creds structure with fsuid/fsgid and
> groups array. Kernel will set these in, call the original syscall, and revert.
> This will be done on only an interested subset of the syscalls that are one -
> are related to filesystems (setfsXid) and two - are of interest to us Servers.
>
> Jim, care to scribble a structure definition?
>
> Thanks
> Boaz
>
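
The switch / operate / revert cycle described in the quoted message, as an added example that is not code from this thread or from Ganesha. `op_creds`, `create_as` and `demo` are hypothetical names; it assumes 64-bit Linux (where `SYS_setgroups` takes 32-bit gids) and reads each id back, because setfsuid()/setfsgid() return the previous id whether or not the change was accepted.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <sys/fsuid.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Hypothetical per-request creds; ngroups < 0 keeps the thread's groups. */
struct op_creds { uid_t fsuid; gid_t fsgid; int ngroups; const gid_t *groups; };

/* setfsuid()/setfsgid() return the previous id on success AND on failure,
 * so read the value back with an invalid id (-1) to confirm the switch. */
static int switch_fsids(uid_t uid, gid_t gid)
{
    setfsgid(gid);
    setfsuid(uid);
    return ((gid_t)setfsgid((gid_t)-1) != gid ||
            (uid_t)setfsuid((uid_t)-1) != uid) ? -1 : 0;
}

/* Create path as the client: 0 on success, -1 if refused, -2 if revert failed. */
int create_as(const struct op_creds *c, const char *path, mode_t mode)
{
    uid_t old_uid = (uid_t)setfsuid((uid_t)-1);   /* query only */
    gid_t old_gid = (gid_t)setfsgid((gid_t)-1);
    int rc = -1;
    /* Raw syscall: changes this thread only, unlike glibc's setgroups(). */
    if (c->ngroups >= 0 && syscall(SYS_setgroups, c->ngroups, c->groups) != 0)
        return -1;
    if (switch_fsids(c->fsuid, c->fsgid) == 0) {  /* never run the OP as root */
        int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, mode);
        if (fd >= 0) { close(fd); rc = 0; }
    }
    if (switch_fsids(old_uid, old_gid) != 0)      /* always revert */
        return -2;
    return rc;
}

/* Constructed check: run the cycle with the caller's own ids (no privilege). */
int demo(const char *path)
{
    struct op_creds c = { geteuid(), getegid(), -1, NULL };
    struct stat st;
    unlink(path);
    if (create_as(&c, path, 0600) != 0 || stat(path, &st) != 0)
        return -1;
    unlink(path);
    return st.st_uid == c.fsuid ? 0 : -1;
}
```

A return of -2 means the thread still carries the client's ids and should not go back into a worker pool.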