From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jamie Lokier <jamie@shareable.org>
Subject: Re: [RFC] FUSE permission modell (Was: fuse review bits)
Date: Tue, 12 Apr 2005 17:13:03 +0100
Message-ID: <20050412161303.GI10995@mail.shareable.org>
References: <20050411153619.GA25987@nevyn.them.org> <E1DL1Gj-000091-00@dorka.pomaz.szeredi.hu> <20050411181717.GA1129@nevyn.them.org> <E1DL4J4-0000Py-00@dorka.pomaz.szeredi.hu> <20050411192223.GA3707@nevyn.them.org> <E1DL51J-0000To-00@dorka.pomaz.szeredi.hu> <20050411221324.GA10541@nevyn.them.org> <E1DLEsQ-00015Z-00@dorka.pomaz.szeredi.hu> <20050412143237.GB10995@mail.shareable.org> <E1DLMrh-0001lm-00@dorka.pomaz.szeredi.hu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: dan@debian.org, linux-fsdevel@vger.kernel.org,
	linux-kernel@vger.kernel.org, hch@infradead.org, akpm@osdl.org,
	viro@parcelfarce.linux.theplanet.co.uk
Return-path: <linux-kernel-owner+glk-linux-kernel=40m.gmane.org-S262457AbVDLQRu@vger.kernel.org>
To: Miklos Szeredi <miklos@szeredi.hu>
Content-Disposition: inline
In-Reply-To: <E1DLMrh-0001lm-00@dorka.pomaz.szeredi.hu>
Sender: linux-kernel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

Miklos Szeredi wrote:
> > Note that NFS checks the permissions on _both_ the client and server,
> > for a reason.
> 
> Does it?  If I read the code correctly the client checks credentials
> supplied by the server (or cached).  But the server does the actual
> checking of permissions.
> 
> Am I missing something?

Yes, for NFSv2, this test in nfs_permssion():

	if (!NFS_PROTO(inode)->access)
		goto out;

And for either version of NFS, if the uid and gid are non-zero, and
the permission bits indicate that an access is permitted, then the
client does not consult the server for permission.

-- Jamie