Re: Inconsistency when mounting a directory that 'world' cannot access.

linux-nfs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: "J. Bruce Fields" <bfields@fieldses.org>
To: "Myklebust, Trond" <Trond.Myklebust@netapp.com>
Cc: NeilBrown <neilb@suse.de>, NFS <linux-nfs@vger.kernel.org>
Subject: Re: Inconsistency when mounting a directory that 'world' cannot access.
Date: Wed, 3 Oct 2012 12:27:28 -0400	[thread overview]
Message-ID: <20121003162728.GE14313@fieldses.org> (raw)
In-Reply-To: <4FA345DA4F4AE44899BD2B03EEEC2FA909001D77@SACEXCMBX04-PRD.hq.netapp.com>

On Wed, Oct 03, 2012 at 03:48:43PM +0000, Myklebust, Trond wrote:
> On Wed, 2012-10-03 at 11:13 -0400, J. Bruce Fields wrote:
> > On Wed, Oct 03, 2012 at 01:46:29PM +1000, NeilBrown wrote:
> > > On Tue, 2 Oct 2012 10:33:34 -0400 "J. Bruce Fields" <bfields@fieldses.org>
> > > wrote:
> > > 
> > > > I guess you're right.  So it starts to sound more like: "you have a
> > > > confusing setup.  Your export configuration says one thing, and your
> > > > filesystem permissions say another.  Under NFSv3 the confusion didn't
> > > > matter, but now it does--time to fix it."
> > > > 
> > > 
> > > That's the best I could come to - I'm glad to have it confirmed.  Thanks!
> > > 
> > > It is unfortunate that Linux NFS uses an anon credential to mount when krb5
> > > is in use, and uses 'root' when auth_sys is used (which might be anon if
> > > "root_squash" is active, but might not).
> > > I wonder if it would work to use auth_none for the mount-time lookup, just
> > > for consistency..
> > > 
> > > Is the following appropriate?  Is there somewhere better to put this caveat?
> > 
> > Unfortunately, it's more complicated than this, as it depends on client
> > implementation and configuration details.
> > 
> > Something like this would be more accurate but possibly too long:
> > 
> > 	Note that under NFSv2 and NFSv3, the mount path is traversed by
> > 	mountd acting as root, but under NFSv4 the mount path is looked
> > 	up using the client's credentials.  This means that, for
> > 	example, if a client mounts using a krb5 credential that the
> > 	server maps to an "anonmyous" user, then the mount will only
> > 	succeed if that directory and all its parents allow eXecute
> > 	permissions.
> 
> So you're listing this as a "feature" rather than a bug? There should be
> no reason to constrain the pseudofs to use the permission checks from
> the underlying filesystem.

I'd be fine with that.

(That still leaves some subtle v3/v4 difference in the case of mount
paths underneath an export?

What *is* the existing mountd behavior there, exactly?  I'm inclined to
think allowing mounts of arbitrary subdirectories is a bug, but maybe
there's some historical reason for it or maybe someone already depends
on it.)

--b.

next prev parent reply	other threads:[~2012-10-03 16:27 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-09-18  1:23 Inconsistency when mounting a directory that 'world' cannot access NeilBrown
2012-10-01 15:43 ` J. Bruce Fields
2012-10-02  2:38   ` NeilBrown
2012-10-02 14:33     ` J. Bruce Fields
2012-10-03  3:46       ` NeilBrown
2012-10-03 15:13         ` J. Bruce Fields
2012-10-03 15:48           ` Myklebust, Trond
2012-10-03 16:27             ` J. Bruce Fields [this message]
2012-10-03 22:46               ` NeilBrown
2012-10-04 16:07                 ` J. Bruce Fields
2012-10-08  6:03                   ` NeilBrown
2012-10-08 11:42                     ` Steve Dickson
2012-10-08 12:20                       ` J. Bruce Fields
2012-10-09  0:30                       ` NeilBrown
2012-10-08 12:19                     ` J. Bruce Fields
2012-10-08 13:54                     ` Malahal Naineni
2012-10-08 14:18                       ` J. Bruce Fields
2012-10-08 15:26                         ` Malahal Naineni
2012-10-09  0:33                           ` NeilBrown

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20121003162728.GE14313@fieldses.org \
    --to=bfields@fieldses.org \
    --cc=Trond.Myklebust@netapp.com \
    --cc=linux-nfs@vger.kernel.org \
    --cc=neilb@suse.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).