From: NeilBrown <neilb@suse.de>
To: Trond Myklebust <trond.myklebust@fys.uio.no>
Cc: "Darcy Partridge" <dpartrid@novell.com>, NFS <linux-nfs@vger.kernel.org>
Subject: NFSv4 client does not allow you to execute a file with no read permission.
Date: Wed, 30 May 2012 13:04:14 +1000 [thread overview]
Message-ID: <20120530130414.597e29ae@notabene.brown> (raw)
[-- Attachment #1: Type: text/plain, Size: 1445 bytes --]
If there is a file on the server with permissions --x--x--x,
then if I mount with NFSv3 I (as a non-root user) can run it.
However if I mount with NFSv4 I cannot.
This is with a sufficiently recent server kernel which fixes that server-side
bug that caused a problem with this scenario.
I think the bug was introduced by commit cd9a1c0e5ac68
NFSv4: Clean up nfs4_atomic_open
which added a new call to nfs_may_open.
The problem is that nfs_intent_set_file calls nfs_may_open passing
intent.open.flags which contains O_RDONLY (i.e. 0). This is mapped
to FMODE_READ before being passed to nfs_do_access.
As I don't have read access, the exec fails.
I can "fix it" with
diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
index eedd24d..15a718b 100644
--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -2278,12 +2278,12 @@ static int nfs_open_permission_mask(int openflags)
{
int mask = 0;
- if ((openflags & O_ACCMODE) != O_WRONLY)
- mask |= MAY_READ;
if ((openflags & O_ACCMODE) != O_RDONLY)
mask |= MAY_WRITE;
if (openflags & __FMODE_EXEC)
mask |= MAY_EXEC;
+ else if ((openflags & O_ACCMODE) != O_WRONLY)
+ mask |= MAY_READ;
return mask;
}
so we don't ask for READ permission if we are asking for EXEC permission.
I suspect this may not be the right fix. I'm just presenting it to help
focus on whether the problem seems to be.
Is there a better way to fix this?
Thanks,
NeilBrown
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 828 bytes --]
next reply other threads:[~2012-05-30 3:04 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-05-30 3:04 NeilBrown [this message]
-- strict thread matches above, loose matches on Subject: below --
2012-07-19 6:44 NFSv4 client does not allow you to execute a file with no read permission NeilBrown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120530130414.597e29ae@notabene.brown \
--to=neilb@suse.de \
--cc=dpartrid@novell.com \
--cc=linux-nfs@vger.kernel.org \
--cc=trond.myklebust@fys.uio.no \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).