From: Jeff Layton <jlayton@redhat.com>
To: nfs@lists.sourceforge.net
Subject: How best to handle implicit clearing of setuid/setgid bits on NFS?
Date: Tue, 29 May 2007 12:47:05 -0400
Message-ID: <20070529124705.a1e70735.jlayton@redhat.com>

I've been looking at the issue of clearing setuid/setgid bits when a file
is written to on NFS. Here's the problem in a nutshell:

We have 2 users, test1 and test2. Both are members of the group
"testgrp":

test2@host$ ls -l f1
-rwxrwsr-x 1 test1 testgrp 2 2007-05-29 12:23 f1
test2@host$ echo foo > f1
-bash: f1: Permission denied

...and f1 is unchanged. The problem is that the VFS calls remove_suid
to wipe the setgid bit. This ends up causing a SETATTR call, which
fails on NFS because we're attempting to remove these bits as user
"test2".

Until recently, the situation here was worse. The VFS would truncate
the file first and then try to clear the setgid bit. The truncate would
succeed, but the perm change would fail. You'd end up with a zero-length
file. This was fixed by making the size change and bit-clearing go via
the same setattr call, so the whole operation just errors out now.

My question is -- Is there anything we can do to make this work as it
does on a local filesystem? Ideally there would be some way to tell the
server "clear the setuid/gid bits", without actually modifying the
contents of the file. Is there an NFS call we can use that would do this?

The only thing I can think of is to read the first byte of the file and
then overwrite it with the same data, but that seems racy and may have
other problems (and what do you do with a zero-length, setuid file?).

Any suggestions appreciated...

--
Jeff Layton <jlayton@redhat.com>
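
Added example (not part of the original message, and not kernel code): a small probe that repeats the `echo foo > f1` step against a scratch file and reports whether the setuid/setgid bits were cleared, survived, or the write was refused. The function names are hypothetical, and kill_mask() assumes the VFS rule of that era: setuid is always stripped, setgid only when group-execute is set.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Bits a write by an unprivileged caller is expected to strip (assumed
 * rule): setuid always; setgid only with group-execute, since setgid
 * without it marks mandatory locking rather than privilege. */
mode_t kill_mask(mode_t mode)
{
    mode_t kill = 0;
    if (mode & S_ISUID)
        kill |= S_ISUID;
    if ((mode & S_ISGID) && (mode & S_IXGRP))
        kill |= S_ISGID;
    return kill;
}

/* Truncate and rewrite `path` the way `echo foo > f1` does.
 * Returns 0 if the expected bits were cleared, 1 if they survived
 * (e.g. the caller holds CAP_FSETID), or -errno if the write was refused. */
int probe_write(const char *path)
{
    struct stat before, after;
    if (stat(path, &before) < 0)
        return -errno;
    int fd = open(path, O_WRONLY | O_TRUNC);
    if (fd < 0)
        return -errno;
    int rc = 0;
    if (write(fd, "foo\n", 4) != 4 || fstat(fd, &after) < 0)
        rc = -(errno ? errno : EIO);
    else if (after.st_mode & kill_mask(before.st_mode))
        rc = 1;
    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    if (argc != 2)
        return 2;               /* usage: probe SCRATCH_FILE */
    int rc = probe_write(argv[1]);
    printf("%s: %s\n", argv[1], rc == 0 ? "bits cleared as expected"
           : rc == 1 ? "setuid/setgid bits survived the write" : "write refused");
    return rc == 0 ? 0 : 1;
}
```

Run it as the non-owner group member against a throwaway file with the same mode as f1, once on a local filesystem and once on the NFS mount, and compare the results.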