Linux NFS development
 help / color / mirror / Atom feed
From: "bfields@fieldses.org" <bfields@fieldses.org>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: Trond Myklebust <trondmy@hammerspace.com>,
	"rgoldwyn@suse.de" <rgoldwyn@suse.de>,
	"agruenba@redhat.com" <agruenba@redhat.com>,
	"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
	"linux-unionfs@vger.kernel.org" <linux-unionfs@vger.kernel.org>
Subject: Re: nfs4_acl restricts copy_up in overlayfs
Date: Fri, 1 Jun 2018 10:26:40 -0400	[thread overview]
Message-ID: <20180601142640.GC10666@fieldses.org> (raw)
In-Reply-To: <CAJfpegvG4rkesopg=qj1H288X6H9CXu=N_fuYEsuWJ-O=5785A@mail.gmail.com>

On Fri, Jun 01, 2018 at 04:00:22PM +0200, Miklos Szeredi wrote:
> On Fri, Jun 1, 2018 at 3:50 PM, bfields@fieldses.org
> <bfields@fieldses.org> wrote:
> > On Fri, Jun 01, 2018 at 03:32:59PM +0200, Miklos Szeredi wrote:
> >> How do you define "safely"?
> >>
> >> Is it safe for root to do
> >>
> >>   cp -a /nfs/remotedir /tmp/localdir
> >>
> >> ?
> >>
> >> That's essentially what an overlayfs mount with an NFS layer does with
> >> respect to access permissions:
> >>
> >>  - remote files are not modifiable to anyone, unless server allows
> >>
> >>  - remote files *readable to root* will provide access based on local DAC check.
> >>
> >> Does that need to be made clear in the docs?  Surely.  But it does NOT
> >> mean it's dangerous or that it's not useful with an arbitrary NFS
> >> server
> >
> > We should definitely have clear documentation, but despite that, in
> > practice lots of people *will* be surprised when permissions are
> > enforced differently after copy-up, and those surprises may well have
> > unpleasant implications.
> 
> Permissions are enforced exactly the same before and after copy-up.
> That's one of the good points in doing the permission checks locally.

Whoops, sorry, I missed that.  So you always read owners and mode bits
out of the cached inode and used those to check permissions instead of
calling access?

That still sounds pretty confusing.  E.g. if the server's squashing root
to a user without permission to read a file, you'll pass local
permission checks, but the success a given read may actually depend on
whether the data's already cached?  I feel like I still must not
understand something.  Sorry if I'm making these threads repeat
themselves....

--b.

> 
> That "cp -a /nfs/remotedir /tmp/localdir" example is almost exactly
> equivalent to:
> 
>   mount -t overlay -olowerdir=/nfs/remotedir,upperdir=/tmp/upper,...
> /tmp/localdir
> 
> except the copy is delayed until modification.
> 
> Thanks,
> Miklos

  reply	other threads:[~2018-06-01 14:26 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-05-29 20:32 nfs4_acl restricts copy_up in overlayfs Goldwyn Rodrigues
2018-05-29 21:37 ` Trond Myklebust
2018-05-30  1:08   ` Goldwyn Rodrigues
2018-05-30  3:01     ` Trond Myklebust
2018-05-30 10:33       ` Goldwyn Rodrigues
2018-05-31  0:45         ` J. Bruce Fields
2018-05-31 10:00           ` Miklos Szeredi
2018-05-31 12:47             ` Trond Myklebust
2018-05-31 12:55               ` Miklos Szeredi
2018-05-31 13:10                 ` Trond Myklebust
2018-05-31 13:30                   ` Miklos Szeredi
2018-05-31 14:06                     ` bfields
2018-05-31 14:26                       ` Miklos Szeredi
2018-05-31 17:52                         ` Trond Myklebust
2018-05-31 21:56                       ` Goldwyn Rodrigues
2018-05-31 21:53                     ` Goldwyn Rodrigues
2018-06-01  0:49                       ` Trond Myklebust
2018-06-01 11:40                         ` Goldwyn Rodrigues
2018-06-01 13:16                           ` Trond Myklebust
2018-06-01 13:32                             ` Miklos Szeredi
2018-06-01 13:50                               ` bfields
2018-06-01 14:00                                 ` Miklos Szeredi
2018-06-01 14:26                                   ` bfields [this message]
2018-06-01 14:43                                     ` Miklos Szeredi
2018-06-01 16:08                                       ` bfields
2018-06-01 17:02                                         ` Miklos Szeredi
2018-06-01 17:43                                           ` bfields
2018-06-01 19:14                                             ` Miklos Szeredi
2018-06-02  0:50                                               ` bfields
2018-06-07 11:50                                                 ` Miklos Szeredi
2018-05-31 18:57                   ` J. R. Okajima

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180601142640.GC10666@fieldses.org \
    --to=bfields@fieldses.org \
    --cc=agruenba@redhat.com \
    --cc=linux-nfs@vger.kernel.org \
    --cc=linux-unionfs@vger.kernel.org \
    --cc=miklos@szeredi.hu \
    --cc=rgoldwyn@suse.de \
    --cc=trondmy@hammerspace.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox