Re: inode_change_ok - Trond Myklebust

linux-fsdevel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Trond Myklebust <trond.myklebust@fys.uio.no>
To: Steve French <smfrench@austin.rr.com>
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: inode_change_ok
Date: Mon, 28 Nov 2005 12:15:13 -0500	[thread overview]
Message-ID: <1133198114.27574.23.camel@lade.trondhjem.org> (raw)
In-Reply-To: <1133197587.27574.19.camel@lade.trondhjem.org>

On Mon, 2005-11-28 at 12:06 -0500, Trond Myklebust wrote:
> On Mon, 2005-11-28 at 11:48 -0600, Steve French wrote:
> > Why are there no calls to inode_change_ok in nfs (on the client), but 
> > there are in most other filesytsems?   Seems like there are some cases 
> > in nfs in which a local permission check is done via  a call to 
> > nfs_permission which calls generic_permission ... if that is the case 
> > why not do a call to inode_change_ok in similar cases?
> 
> Under the NFS model, the server manages the permissions, not the client.
> 
> The purpose of inode_change_ok() is to perform a load of local checks
> which are simply alien to that model: 
> 
>  a) your capabilities don't mean anything to the server. Its decision to
> grant the ability to change owner of a file is based on your
> credentials, not your capabilities.
> 
>  b) Even the uid/gid checks don't take into account the fact that the
> server may be mapping you into different users/groups (c.f. root
> squashing etc.).
> 
> All, in all, a call to inode_change_ok() would at best be redundant, and
> at worst, be plain incorrect.

BTW: The call to permission() is thoroughly redundant too, and really
wants to be optimised away. Permissions checking is done by the server
on the actual SETATTR RPC call...

Cheers,
  Trond

     prev parent reply	other threads:[~2005-11-28 17:15 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-11-28 17:48 inode_change_ok Steve French
2005-11-28 17:06 ` inode_change_ok Trond Myklebust
2005-11-28 17:15   ` Trond Myklebust [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1133198114.27574.23.camel@lade.trondhjem.org \
    --to=trond.myklebust@fys.uio.no \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=smfrench@austin.rr.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).