Re: NFSv3 may inappropriately return EPERM for fsetxattr

linux-nfs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Bruce Fields <bfields@fieldses.org>
To: NeilBrown <neilb@suse.com>
Cc: Nelson Elhage <nelhage@nelhage.com>,
	Christoph Hellwig <hch@lst.de>,
	linux-nfs@vger.kernel.org, James Brown <jbrown@easypost.com>
Subject: Re: NFSv3 may inappropriately return EPERM for fsetxattr
Date: Tue, 14 Aug 2018 15:43:34 -0400	[thread overview]
Message-ID: <20180814194334.GO7906@fieldses.org> (raw)
In-Reply-To: <87ftzhb9rh.fsf@notabene.neil.brown.name>

On Tue, Aug 14, 2018 at 07:03:14PM +1000, NeilBrown wrote:
> On Mon, Aug 13 2018, NeilBrown wrote:
> 
> > On Sun, Aug 12 2018, Bruce Fields wrote:
> >> OK, so not too important.  Still, it sounds like
> >> inode_owner_or_capable() is something people expect to work for any
> >> filesystem, so I wonder if there's a way to do that.  Or at least
> >> disable it.
> >
> > We could add a new flag - MAY_OWN (or something) - to the flags
> > recognised by inode_permission() and i_op->permission().
> >
> > If ->permission isn't set, inode_permission() uses
> > inode_owner_or_capable().
> > If it is, it gets to call that, or do whatever is appropriate.
> >
> > Is this flag the same as NFS_MAY_OWNER_OVERRIDE or not....??
> >
> 
> Pursuing this thought...
>   NFSD_MAY_OWNER_OVERRIDE means "an operation is requested which
>    may always be performed by the owner of the file, even if they
>    don't have explicit permission via DAC setting."
> 
> I think this is a reasonable description of how inode_owner_or_capable()
> is used.  It is sometimes used on its own, where there is no permission
> but that is relevant such as O_NOATIME or set_posix_acl(), or is used
> as a precursor to and inode_permission() check, as in notify_change().
> 
> The biggest difference is that NFSD_MAY_OWNER_OVERRIDE does have the
> "or_capable".
> As nfsd drops CAP_FOWNER, and the extra test won't hurt it.
> 
> So I now think that a good solution to this problem would be to hoist
> NFSD_MAY_OWNER_OVERRIDE into the VFS and change inode_permission() and
> various i_op->permission functions to handle it.
> 
> All we need is a good name....
>   MAY_BY_OWNER  ???
>   MAY_IF_OWNER
>   MAY_BE_OWNER ???
> 
> MAY_READ means "may I please read this file".  The flag needs to say
> "may I act as the owner of this file", so
>   MAY_ACT_AS_OWNER ????

It's still a little different from the other permission bits in that I
believe

	permission(., READ|WRITE)
		== permission(., READ) && permission(., WRITE)

but

	permission(., READ|OWNER_OVERRIDE)
		== permission(., READ) || permission(., OWNER_OVERRIDE)

?

Anyway, naming aside....  I don't know, sounds like it might work?
Honestly I'm not completely sure I understand the proposal.

--b.

next prev parent reply	other threads:[~2018-08-14 22:32 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-03-18  3:46 NFSv3 may inappropriately return EPERM for fsetxattr Nelson Elhage
2016-03-21 14:43 ` Christoph Hellwig
2016-03-21 15:56   ` Nelson Elhage
2018-08-10  1:29     ` NeilBrown
2018-08-10 17:00       ` Bruce Fields
2018-08-10 17:03         ` Bruce Fields
2018-08-11 22:28           ` NeilBrown
2018-08-12 13:21             ` Bruce Fields
2018-08-12 23:55               ` NeilBrown
2018-08-14  9:03                 ` NeilBrown
2018-08-14 19:43                   ` Bruce Fields [this message]
2018-08-14 23:49                     ` NeilBrown
2018-08-16  0:39                     ` NeilBrown
2018-08-16 17:54                       ` Bruce Fields
2018-08-16 22:50                         ` NeilBrown

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180814194334.GO7906@fieldses.org \
    --to=bfields@fieldses.org \
    --cc=hch@lst.de \
    --cc=jbrown@easypost.com \
    --cc=linux-nfs@vger.kernel.org \
    --cc=neilb@suse.com \
    --cc=nelhage@nelhage.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).