public inbox for linux-nfs@vger.kernel.org
 help / color / mirror / Atom feed
From: "J. Bruce Fields" <bfields@fieldses.org>
To: Peter Staubach <staubach@redhat.com>
Cc: Chuck Lever <chuck.lever@oracle.com>,
	trond.myklebust@fys.uio.no, linux-nfs@vger.kernel.org
Subject: Re: [PATCH] NFS: Change default behavior when "sec=" is not specified by user
Date: Tue, 1 Sep 2009 14:50:11 -0400	[thread overview]
Message-ID: <20090901185011.GC27726@fieldses.org> (raw)
In-Reply-To: <4A9D690E.2050704@redhat.com>

On Tue, Sep 01, 2009 at 02:33:50PM -0400, Peter Staubach wrote:
> Chuck Lever wrote:
> > 
> > On Sep 1, 2009, at 12:38 PM, J. Bruce Fields wrote:
> > 
> >> On Tue, Sep 01, 2009 at 12:29:30PM -0400, Chuck Lever wrote:
> >>> On Sep 1, 2009, at 12:09 PM, J. Bruce Fields wrote:
> >>>> And, sure, that'd be OK with me, and would probably be better than
> >>>> adding another exception, so I'm OK with skipping #3.  (We definitely
> >>>> shouldn't omit #2, though.)
> >>>
> >>> Seems straightforward enough, but...  Why are we doing this again?  It
> >>> still seems like non-standard behavior.  Are we simply attempting to
> >>> avoid the case where folks would get the "nobody" behavior unexpectedly
> >>> because of a mountd bug, or is there more to it?
> >>
> >> That's all there is to it.  As I said:
> >>
> >>>>>>>>     2. In the absence of sec=, we should probably *not* choose
> >>>>>>>>     AUTH_NULL.  (All mountd's before 1.1.3 list AUTH_NULL first on
> >>>>>>>>     the returned list, so users with older servers may wonder why a
> >>>>>>>>     client upgrade is making files they create suddenly be owned by
> >>>>>>>>     nobody.) http://marc.info/?l=linux-nfs&m=125089022306281&w=2
> >>
> >>> I'm just thinking of what the documenting comment might say, and perhaps
> >>> some explanation added to nfs(5).
> >>
> >> "As a special case, to work around bugs in some older servers, the
> >> client will never automatically negotiate auth_null; if auth_null is
> >> desired, an explicit "sec=null" on the commandline is required."
> >>
> >> Or something like that.
> > 
> > OK, one more corner case.
> > 
> > What if the mount doesn't specify "sec=" and the only flavor in the
> > server's auth list is AUTH_NULL?  Seems like we should allow that one.
> > 
> 
> Some servers will accept any flavor of incoming RPC security
> and just use AUTH_NULL in this situation.  It really shouldn't
> matter what the client sends, as long as the server is just
> going to map all requests to nobody/nobody anyway...

OK, but let's not pile on more workarounds than we have to.  I don't see
any reason that we really need to do anything special for servers that
are broken in *that* particular way....

--b.

  reply	other threads:[~2009-09-01 18:50 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-09-01 14:31 [PATCH] NFS: Change default behavior when "sec=" is not specified by user Chuck Lever
     [not found] ` <20090901143012.3978.11441.stgit-RytpoXr2tKZ9HhUboXbp9zCvJB+x5qRC@public.gmane.org>
2009-09-01 15:05   ` J. Bruce Fields
2009-09-01 15:10     ` Chuck Lever
2009-09-01 15:18       ` J. Bruce Fields
2009-09-01 15:52         ` Chuck Lever
2009-09-01 16:09           ` J. Bruce Fields
2009-09-01 16:29             ` Chuck Lever
2009-09-01 16:38               ` J. Bruce Fields
2009-09-01 18:07                 ` Chuck Lever
2009-09-01 18:21                   ` J. Bruce Fields
2009-09-01 18:25                   ` Trond Myklebust
     [not found]                     ` <1251829540.18608.31.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2009-09-01 18:28                       ` Trond Myklebust
     [not found]                         ` <1251829737.18608.34.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2009-09-01 18:35                           ` Trond Myklebust
2009-09-01 18:58                       ` Chuck Lever
2009-09-01 19:31                         ` Trond Myklebust
     [not found]                           ` <1251833479.18608.69.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2009-09-01 19:33                             ` Trond Myklebust
2009-09-01 20:10                             ` Chuck Lever
2009-09-01 20:15                               ` J. Bruce Fields
2009-09-01 20:31                                 ` Chuck Lever
2009-09-01 21:22                                   ` Trond Myklebust
     [not found]                                     ` <1251840160.8463.20.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2009-09-02 14:16                                       ` Chuck Lever
2009-09-01 18:33                   ` Peter Staubach
2009-09-01 18:50                     ` J. Bruce Fields [this message]
2009-09-01 18:52                       ` Peter Staubach
2009-09-01 19:16                         ` J. Bruce Fields
2009-09-01 19:24                           ` Peter Staubach
2009-09-01 20:05                             ` J. Bruce Fields

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20090901185011.GC27726@fieldses.org \
    --to=bfields@fieldses.org \
    --cc=chuck.lever@oracle.com \
    --cc=linux-nfs@vger.kernel.org \
    --cc=staubach@redhat.com \
    --cc=trond.myklebust@fys.uio.no \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox