From: Chuck Lever <chuck.lever@oracle.com>
To: steved@redhat.com
Cc: linux-nfs@vger.kernel.org
Subject: [PATCH 3/5] statd: change default state dir to /var/lib/nfs/statd
Date: Tue, 04 Aug 2009 14:07:05 -0400
Message-ID: <20090804180704.21944.64074.stgit@matisse.1015granger.net>
In-Reply-To: <20090804180334.21944.64404.stgit-RytpoXr2tKZ9HhUboXbp9zCvJB+x5qRC@public.gmane.org>

rpc.statd and friends drop root privileges when they start up. They
set their effective UID and GID to the owner and group of the statd
state directory, which is by default /var/lib/nfs.

This directory contains a number of other objects, however, and is
usually owned by root:root. This means if distributions aren't
careful about how nfs-utils is built, their statd will run as root
despite dropping privileges.

So change the default behavior to what Red Hat does: use a separate
subdirectory (/var/lib/nfs/statd) that can have unique ownership,
just for the state directory.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
configure.ac | 4 ++--
utils/statd/sm-notify.man | 12 ++++++------
utils/statd/statd.man | 10 +++++-----
3 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/configure.ac b/configure.ac
index e0ca70e..2b1994d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -18,9 +18,9 @@ AC_ARG_WITH(release,
RELEASE=1)
AC_SUBST(RELEASE)
AC_ARG_WITH(statedir,
- [ --with-statedir=/foo use state dir /foo [/var/lib/nfs]],
+ [ --with-statedir=/foo use state dir /foo [/var/lib/nfs/statd]],
statedir=$withval,
- statedir=/var/lib/nfs)
+ statedir=/var/lib/nfs/statd)
AC_SUBST(statedir)
AC_ARG_WITH(statduser,
[AC_HELP_STRING([--with-statduser=rpcuser],
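Review bot: statedir is a generic, AC_SUBST'ed variable, and the commit message itself says /var/lib/nfs holds a number of other objects, so changing the default in "statedir=/var/lib/nfs/statd)" moves every consumer of statedir into the statd subdirectory, not only statd's own files. If anything other than statd and sm-notify uses statedir, its files would end up inside a directory meant to be owned by the unprivileged statd user. Consider leaving statedir=/var/lib/nfs as it is and adding a separate, statd-specific path option next to --with-statduser, so the ownership change applies to statd's state only.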
diff --git a/utils/statd/sm-notify.man b/utils/statd/sm-notify.man
index dd03b8d..69b7059 100644
--- a/utils/statd/sm-notify.man
+++ b/utils/statd/sm-notify.man
@@ -33,7 +33,7 @@ but this is configurable.
For each NFS client or server machine to be monitored,
.B rpc.statd
creates a file in
-.BR /var/lib/nfs/sm ", "
+.BR /var/lib/nfs/statd/sm ", "
and removes the file if monitoring is no longer required.
.PP
When the machine is rebooted,
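Review bot: the new location in ".BR /var/lib/nfs/statd/sm" is written as a literal path, while configure.ac still accepts --with-statedir=/foo, so a build with a non-default state dir ships a man page that names the wrong directory. Suggest describing it as the default location, the way statd.man does for -P ("the default of ... is used"), here and at the other path references in this file.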
@@ -47,7 +47,7 @@ Each machine has an
which is basically an integer counter that is incremented
each time the machine reboots. This counter is stored
in
-.BR /var/lib/nfs/state ,
+.BR /var/lib/nfs/statd/state ,
and updated by
.BR sm-notify .
.SS Security
@@ -149,13 +149,13 @@ By default,
.B sm-notify
forks and puts itself in the background after obtaining the
list of hosts from
-.BR /var/lib/nfs/sm .
+.BR /var/lib/nfs/statd/sm .
.SH FILES
-.BR /var/lib/nfs/state
+.BR /var/lib/nfs/statd/state
.br
-.BR /var/lib/nfs/sm/*
+.BR /var/lib/nfs/statd/sm/*
.br
-.BR /var/lib/nfs/sm.bak/*
+.BR /var/lib/nfs/statd/sm.bak/*
.br
.BR /var/run/sm-notify.pid
.SH SEE ALSO
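Review bot: nothing in this patch covers hosts that already have state under the old paths listed in FILES. With the new default, sm-notify takes its host list from /var/lib/nfs/statd/sm and the counter from /var/lib/nfs/statd/state, while existing sm, sm.bak and state files stay in /var/lib/nfs, so peers recorded before an upgrade would presumably be missed on the next reboot. Please state in the commit message or in this section how existing state is expected to be moved, and with which owner and group, since the owner of the new directory is what statd drops privileges to.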
diff --git a/utils/statd/statd.man b/utils/statd/statd.man
index e8be9f3..4ed186e 100644
--- a/utils/statd/statd.man
+++ b/utils/statd/statd.man
@@ -24,7 +24,7 @@ reboots.
For each NFS client or server machine to be monitored,
.B rpc.statd
creates a file in
-.BR /var/lib/nfs/sm .
+.BR /var/lib/nfs/statd/sm .
When starting, it normally runs
.B sm-notify
to iterate through these files and notify the
@@ -95,7 +95,7 @@ a port may be useful when implementing a firewall.
.BI "\-P," "" " \-\-state\-directory\-path " directory
specify a directory in which to place statd state information.
If this option is not specified the default of
-.BR /var/lib/nfs
+.BR /var/lib/nfs/statd
is used.
.TP
.B -N
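Review bot: the -P description still does not say that the owner and group of this directory decide which UID and GID statd runs as after dropping privileges, which per the commit message is the reason for the new default. An administrator who passes -P with a root-owned directory gets a statd that keeps running as root. Suggest adding a sentence after "is used." stating that the directory should be owned by the unprivileged statd user, and that a root-owned directory means the privilege drop has no effect.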
@@ -176,11 +176,11 @@ and send notifications to clients. This can be used in High Availability NFS
of an NFS export from another server.
.SH FILES
-.BR /var/lib/nfs/state
+.BR /var/lib/nfs/statd/state
.br
-.BR /var/lib/nfs/sm/*
+.BR /var/lib/nfs/statd/sm/*
.br
-.BR /var/lib/nfs/sm.bak/*
+.BR /var/lib/nfs/statd/sm.bak/*
.SH SEE ALSO
.BR rpc.nfsd(8),
.BR portmap(8)