linux-nfs.vger.kernel.org archive mirror
From: Steve Dickson <SteveD@redhat.com>
To: Trond Myklebust <trond.myklebust@fys.uio.no>
Cc: Linux NFS Mailing List <linux-nfs@vger.kernel.org>
Subject: Re: [PATCH] Honor the no_root_squash flag on pseudo roots.
Date: Tue, 29 May 2012 11:55:42 -0400
Message-ID: <4FC4F17E.90000@RedHat.com>
In-Reply-To: <1338303611.5433.14.camel@lade.trondhjem.org>



On 05/29/2012 11:00 AM, Trond Myklebust wrote:
> On Tue, 2012-05-29 at 09:07 -0400, Steve Dickson wrote:
>> If root squashing is turned off on an export that
>> has multiple directories, the parent directories
>> of the pseudo exports that are built also need to
>> have root squashing turned off.
>>
>> Signed-off-by: Steve Dickson <steved@redhat.com>
>> ---
>>  utils/mountd/v4root.c |    9 ++++++++-
>>  1 files changed, 8 insertions(+), 1 deletions(-)
>>
>> diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
>> index 708eb61..ad8a3e7 100644
>> --- a/utils/mountd/v4root.c
>> +++ b/utils/mountd/v4root.c
>> @@ -92,7 +92,14 @@ v4root_create(char *path, nfs_export *export)
>>  	exp = export_create(&eep, 0);
>>  	if (exp == NULL)
>>  		return NULL;
>> -	xlog(D_CALL, "v4root_create: path '%s'", exp->m_export.e_path);
>> +	/*
>> +	 * Honor the no_root_squash flag 
>> +	 */
>> +	if ((curexp->e_flags & NFSEXP_ROOTSQUASH) == 0)
>> +		exp->m_export.e_flags &= ~NFSEXP_ROOTSQUASH;
>> +	xlog(D_CALL, "v4root_create: path '%s' flags 0x%x", 
>> +		exp->m_export.e_path, exp->m_export.e_flags);
>> +
>>  	return &exp->m_export;
>>  }
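Review bot: The new `if` clears NFSEXP_ROOTSQUASH on the pseudo export whenever the export being processed has it clear, but the comment "Honor the no_root_squash flag" does not say why a pseudo-root needs this or what is meant to happen when the same parent path also leads to an export that keeps root_squash. Please expand the comment to state the reason (the lookup failure on the parent directories) and the intended behaviour for a shared parent, since this relaxes root's access on directories that were never exported themselves. Also, `curexp` is not declared in the visible lines, where the parameters are `char *path` and `nfs_export *export`, so it is worth confirming it refers to that export's entry. The added comment line and the first xlog() line end in trailing whitespace.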
> 
> 
> As long as the user is authenticated, why do we care whether or not they
> are squashed to user 'nobody' for authorisation purposes? There
> shouldn't be any permission checks enforced on the pseudo-root, should
> there?
>
The access checks come during the lookup of the pseudo-root.

For example:
     /home/steved/work *(rw,no_root_squash)

This is the export which causes mountd to build the pseudo-roots of
     '/', '/home', and '/home/steved'

Now if the no_root_squash is not set on those pseudo-roots, the
access bits returned by the server will cause the lookup of
/home/steved/work to fail.

steved.
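
The pseudo-root chain described in the message above, as an added example that is not part of the original thread or of nfs-utils: a simplified C model that lists the ancestors of an export path and applies the flag rule from the patch. build_pseudo_roots(), struct pseudo_root and the default flags passed in are assumptions made for illustration; mountd's real code differs.

```c
#include <stdio.h>
#include <string.h>

/* NFSEXP_ROOTSQUASH as defined in the Linux nfsd export flags. */
#define NFSEXP_ROOTSQUASH 0x0004
#define PATH_LEN 256

struct pseudo_root { char path[PATH_LEN]; unsigned int flags; };

/*
 * Hypothetical model, not mountd code: write every ancestor of export_path
 * ("/", "/home", ...) to out, excluding the export itself. Each entry starts
 * from default_flags; when inherit is set, root squashing is cleared on it if
 * the real export has it cleared (the rule the patch adds). Returns the count.
 */
int build_pseudo_roots(const char *export_path, unsigned int export_flags,
                       unsigned int default_flags, int inherit,
                       struct pseudo_root *out, int max)
{
    int n = 0;
    size_t len = strlen(export_path);

    for (size_t i = 0; i < len && n < max; i++) {
        if (export_path[i] != '/')
            continue;
        size_t plen = (i == 0) ? 1 : i;   /* leading slash is "/" itself */
        if (plen >= PATH_LEN)
            break;
        memcpy(out[n].path, export_path, plen);
        out[n].path[plen] = '\0';
        out[n].flags = default_flags;
        if (inherit && (export_flags & NFSEXP_ROOTSQUASH) == 0)
            out[n].flags &= ~NFSEXP_ROOTSQUASH;
        n++;
    }
    return n;
}

int main(void)
{
    struct pseudo_root pr[8];
    /* Constructed input: the export from the message, no_root_squash set. */
    int n = build_pseudo_roots("/home/steved/work", 0, NFSEXP_ROOTSQUASH, 1,
                               pr, 8);
    for (int i = 0; i < n; i++)
        printf("%-14s root_squash=%s\n", pr[i].path,
               (pr[i].flags & NFSEXP_ROOTSQUASH) ? "on" : "off");
    return 0;
}
```

Calling it with inherit set to 0 leaves root squashing on for all three parents, which is the state in which the message says the lookup of /home/steved/work fails.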

