From: Neil Brown <neilb@suse.de>
To: Oleg Drokin <green@linuxhacker.ru>
Cc: linux-fsdevel@vger.kernel.org
Subject: Re: Pass "allow owner override" flags from NFSD down to actual FS.
Date: Thu, 27 Apr 2006 10:28:16 +1000 [thread overview]
Message-ID: <17488.4128.223730.153313@cse.unsw.edu.au> (raw)
In-Reply-To: message from Oleg Drokin on Saturday April 22
On Saturday April 22, green@linuxhacker.ru wrote:
> Hello!
>
> NFSD does its own internal checks to possibly override restrictive file mode
> for file owner already, to allow writing into (opened) file with some
> restrictive mode (like 0000). But it does not pass this info down to
> actual filesystems, and if that filesystem is also doing permission checks
> in open, such an open would fail at FS-level.
> (I thought of making an example with NFS exported with NFS, but this appears
> to be not allowed, so I choose different example).
> For example Lustre is contacting its metadata server for every open, and
> metadata server does permission checks for open, obviously.
>
> I wonder if something like the patch below can be useful for any other
> distributed FS now in use and ultimately to end up accepted into vanilla
> tree?
>
Would it be acceptable for the lowlevel filesystem to simply always
assume OWNER_OVERRIDE??
There are no security concerns in allowing read or write access to an
owner. The IRUSR bit is almost entirely pointless, and the IWUSR bit
is at most hint for user-level processes. Given that you know the
syscall interface will be checking these, and given that they have no
security implication, is there really any value in having the lowlevel
filesystem check them as well?
Other than that, my only concern is that it seems to allow a
user-space application to open a file with O_OWNER_OVERRIDE and you
would want that sort of change to get wide visibility. I don't think
it is a problem, but there might be those who would.
NeilBrown
next prev parent reply other threads:[~2006-04-27 0:28 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-04-22 20:29 Pass "allow owner override" flags from NFSD down to actual FS Oleg Drokin
2006-04-23 4:11 ` Stephen Rothwell
2006-04-27 0:28 ` Neil Brown [this message]
2006-04-28 22:28 ` Oleg Drokin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=17488.4128.223730.153313@cse.unsw.edu.au \
--to=neilb@suse.de \
--cc=green@linuxhacker.ru \
--cc=linux-fsdevel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).