From: Peter Staubach <staubach@redhat.com>
To: Amit Gud <agud@redhat.com>
Cc: Neil Brown <neilb@suse.de>,
nfs@lists.sourceforge.net, Steve Dickson <SteveD@redhat.com>
Subject: Re: [PATCH] fix NFS mount.nfs options v4
Date: Fri, 28 Jul 2006 12:57:30 -0400 [thread overview]
Message-ID: <44CA41FA.5060804@redhat.com> (raw)
In-Reply-To: <44CA32CE.9030205@redhat.com>
Amit Gud wrote:
>
> AG
>
>------------------------------------------------------------------------
>
>If the 'user' or 'users' mount option is specified on commandline, verify with
>/etc/fstab if it is really specified. Setuid bit is still ON and should remain
>ON since mount drops the root privileges.
>
>I've given this patch a good hammering, but not exhaustive by any means.
>
>Signed-off-by: Amit Gud <agud@redhat.com>
>Signed-off-by: Steve Dickson <steved@redhat.com>
>
>---
>
>
>diff -uprN -X ../dontdiff nfs-utils/utils/mount/mount.c nfs-utils-ag/utils/mount/mount.c
>--- nfs-utils/utils/mount/mount.c 2006-07-25 11:07:14.000000000 -0400
>+++ nfs-utils-ag/utils/mount/mount.c 2006-07-28 10:19:54.000000000 -0400
>@@ -355,9 +433,33 @@ int main(int argc, char *argv[])
>
> spec = argv[1];
> mount_point = canonicalize(argv[2]);
>-
>+
> parse_opts(mount_opts, &flags, &extra_opts);
>
>+ if (uid != 0 && !(flags & MS_USERS) && !(flags & MS_USER)) {
>+ fprintf(stderr, "%s: permission denied\n", progname);
>+ exit(1);
>+ }
>+
>+ if ((flags & MS_USER || flags & MS_USERS) && uid != 0) {
>+ /* check if fstab has entry, and further see if the user or users option is given */
>+ if ((mc = getfsspec(spec)) == NULL &&
>+ (mc = getfsfile(spec)) == NULL) {
>+ fprintf(stderr, "%s: permission denied - invalid option\n", progname);
>+ exit(1);
>+ }
>+ else {
>+ if((flags & MS_USER) && !contains(mc->m.mnt_opts, "user")) {
>+ fprintf(stderr, "%s: permission denied - invalid option\n", progname);
>+ exit(1);
>+ }
>+ if((flags & MS_USERS) && !contains(mc->m.mnt_opts, "users")) {
>+ fprintf(stderr, "%s: permission denied - invalid option\n", progname);
>+ exit(1);
>+ }
>+ }
>+ }
>+
> if (!strcmp(progname, "mount.nfs4") || nfs_mount_vers == 4) {
> nfs_mount_vers = 4;
> mnt_err = nfs4mount(spec, mount_point, &flags, &extra_opts, &mount_opts, 0);
>
>
It seems to me that these two "permission denied" messages may be somewhat
less than completely helpful. Would it be possible to be a little more
explicit about why permission was being denied?
Thanx...
ps
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
NFS maillist - NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs
next prev parent reply other threads:[~2006-07-28 16:57 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-07-28 15:52 [PATCH] fix NFS mount.nfs options v4 Amit Gud
2006-07-28 16:57 ` Peter Staubach [this message]
2006-07-28 18:48 ` Amit Gud
2006-08-07 6:59 ` Neil Brown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=44CA41FA.5060804@redhat.com \
--to=staubach@redhat.com \
--cc=SteveD@redhat.com \
--cc=agud@redhat.com \
--cc=neilb@suse.de \
--cc=nfs@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox