From: "J. Bruce Fields" <bfields@fieldses.org>
To: Chris J Arges <chris.j.arges@canonical.com>
Cc: linux-nfs@vger.kernel.org, Trond Myklebust <trond@netapp.com>
Subject: Re: [PATCH] nfsd4: permit read opens of executable-only files
Date: Tue, 13 Dec 2011 13:26:44 -0500
Message-ID: <20111213182644.GA29809@fieldses.org>
In-Reply-To: <loom.20111213T183631-8@post.gmane.org>

Could you leave me on the cc: ?

Also, Trond: what did we end up deciding to do about permissions
checking on execute? Was there a bugfix on the client side?

On Tue, Dec 13, 2011 at 05:38:54PM +0000, Chris J Arges wrote:
> <snip>
> > >
> > >
> > > Bruce,
> > >
> > > I've tested this patch against linux-3.0 and it doesn't allow me to execute
> > > binaries with permissions of 111.
> >
> > Hm, I see the same permissions error. However, looking at the
> > client-server traffic with wireshark, I see no permissions failures from
> > the server: the read-open of cat succeeds. (Could you check if the same
> > is true in your case?)
> >
> > So my first inclination is to blame the client.... Does this work with
> > an older client?
> >
> > --b.
>
> Bruce,
>
> Using the above test setup, and trying various clients I see a mismatch:
>
> Using newer nfs clients (nfs-common 1:1.2.2-4/1:1.2.4-1), I can read a file
> with 111 permissions, but cannot execute it.
> With an older nfs client (nfs-common 1:1.2.0-4 / ubuntu lucid), I can read and
> execute a file with 111 permissions.

It certainly sounds like a client-side error.... (Though if you could
take a look at the traffic in wireshark as suggested above, that would
help--it doesn't require much special expertise, just look for an OPEN
call that mentions the file in question, and see if the server replies
with an error or not.)

Note it's the kernel on the client that matters, not the nfs-utils
version. And most useful for people on this list may be testing with
the latest upstream kernel. (We aren't necessarily familiar with Ubuntu
kernel versions.)

--b.