From: Peter Staubach <staubach@redhat.com>
To: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Chuck Lever <chuck.lever@oracle.com>,
trond.myklebust@fys.uio.no, linux-nfs@vger.kernel.org
Subject: Re: [PATCH] NFS: Change default behavior when "sec=" is not specified by user
Date: Tue, 01 Sep 2009 14:52:44 -0400 [thread overview]
Message-ID: <4A9D6D7C.60501@redhat.com> (raw)
In-Reply-To: <20090901185011.GC27726@fieldses.org>
J. Bruce Fields wrote:
> On Tue, Sep 01, 2009 at 02:33:50PM -0400, Peter Staubach wrote:
>> Chuck Lever wrote:
>>> On Sep 1, 2009, at 12:38 PM, J. Bruce Fields wrote:
>>>
>>>> On Tue, Sep 01, 2009 at 12:29:30PM -0400, Chuck Lever wrote:
>>>>> On Sep 1, 2009, at 12:09 PM, J. Bruce Fields wrote:
>>>>>> And, sure, that'd be OK with me, and would probably be better than
>>>>>> adding another exception, so I'm OK with skipping #3. (We definitely
>>>>>> shouldn't omit #2, though.)
>>>>> Seems straightforward enough, but... Why are we doing this again? It
>>>>> still seems like non-standard behavior. Are we simply attempting to
>>>>> avoid the case where folks would get the "nobody" behavior unexpectedly
>>>>> because of a mountd bug, or is there more to it?
>>>> That's all there is to it. As I said:
>>>>
>>>>>>>>>> 2. In the absence of sec=, we should probably *not* choose
>>>>>>>>>> AUTH_NULL. (All mountd's before 1.1.3 list AUTH_NULL first on
>>>>>>>>>> the returned list, so users with older servers may wonder why a
>>>>>>>>>> client upgrade is making files they create suddenly be owned by
>>>>>>>>>> nobody.) http://marc.info/?l=linux-nfs&m=125089022306281&w=2
>>>>> I'm just thinking of what the documenting comment might say, and perhaps
>>>>> some explanation added to nfs(5).
>>>> "As a special case, to work around bugs in some older servers, the
>>>> client will never automatically negotiate auth_null; if auth_null is
>>>> desired, an explicit "sec=null" on the commandline is required."
>>>>
>>>> Or something like that.
>>> OK, one more corner case.
>>>
>>> What if the mount doesn't specify "sec=" and the only flavor in the
>>> server's auth list is AUTH_NULL? Seems like we should allow that one.
>>>
>> Some servers will accept any flavor of incoming RPC security
>> and just use AUTH_NULL in this situation. It really shouldn't
>> matter what the client sends, as long as the server is just
>> going to map all requests to nobody/nobody anyway...
>
> OK, but let's not pile on more workarounds than we have to. I don't see
> any reason that we really need to do anything special for servers that
> are broken in *that* particular way....
>
I don't think that that is considered to be broken, by the way.
I am not sure whether it still works this way, but I know that
Solaris used to work this way, at the very least.
Since I clearly haven't looked, but why would the Linux NFS
server care which flavor that it got sent, if the export is
configured to map all requests to nobody/nobody?
ps
next prev parent reply other threads:[~2009-09-01 18:52 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-09-01 14:31 [PATCH] NFS: Change default behavior when "sec=" is not specified by user Chuck Lever
[not found] ` <20090901143012.3978.11441.stgit-RytpoXr2tKZ9HhUboXbp9zCvJB+x5qRC@public.gmane.org>
2009-09-01 15:05 ` J. Bruce Fields
2009-09-01 15:10 ` Chuck Lever
2009-09-01 15:18 ` J. Bruce Fields
2009-09-01 15:52 ` Chuck Lever
2009-09-01 16:09 ` J. Bruce Fields
2009-09-01 16:29 ` Chuck Lever
2009-09-01 16:38 ` J. Bruce Fields
2009-09-01 18:07 ` Chuck Lever
2009-09-01 18:21 ` J. Bruce Fields
2009-09-01 18:25 ` Trond Myklebust
[not found] ` <1251829540.18608.31.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2009-09-01 18:28 ` Trond Myklebust
[not found] ` <1251829737.18608.34.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2009-09-01 18:35 ` Trond Myklebust
2009-09-01 18:58 ` Chuck Lever
2009-09-01 19:31 ` Trond Myklebust
[not found] ` <1251833479.18608.69.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2009-09-01 19:33 ` Trond Myklebust
2009-09-01 20:10 ` Chuck Lever
2009-09-01 20:15 ` J. Bruce Fields
2009-09-01 20:31 ` Chuck Lever
2009-09-01 21:22 ` Trond Myklebust
[not found] ` <1251840160.8463.20.camel-rJ7iovZKK19ZJLDQqaL3InhyD016LWXt@public.gmane.org>
2009-09-02 14:16 ` Chuck Lever
2009-09-01 18:33 ` Peter Staubach
2009-09-01 18:50 ` J. Bruce Fields
2009-09-01 18:52 ` Peter Staubach [this message]
2009-09-01 19:16 ` J. Bruce Fields
2009-09-01 19:24 ` Peter Staubach
2009-09-01 20:05 ` J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A9D6D7C.60501@redhat.com \
--to=staubach@redhat.com \
--cc=bfields@fieldses.org \
--cc=chuck.lever@oracle.com \
--cc=linux-nfs@vger.kernel.org \
--cc=trond.myklebust@fys.uio.no \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox