Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S264700AbUD2VUy (ORCPT ); Thu, 29 Apr 2004 17:20:54 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S264971AbUD2VRh (ORCPT ); Thu, 29 Apr 2004 17:17:37 -0400 Received: from dh132.citi.umich.edu ([141.211.133.132]:36757 "EHLO lade.trondhjem.org") by vger.kernel.org with ESMTP id S264966AbUD2VRT (ORCPT ); Thu, 29 Apr 2004 17:17:19 -0400 Subject: Re: Possible permissions bug on NFSv3 kernel client From: Trond Myklebust To: Pascal Schmidt Cc: linux-kernel@vger.kernel.org In-Reply-To: References: <1QhAA-5zc-13@gated-at.bofh.it> <1QnPD-2pg-1@gated-at.bofh.it> Content-Type: text/plain Content-Transfer-Encoding: 7bit Message-Id: <1083273435.3686.85.camel@lade.trondhjem.org> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.6 Date: Thu, 29 Apr 2004 17:17:15 -0400 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1379 Lines: 32 On Thu, 2004-04-29 at 16:49, Pascal Schmidt wrote: > On Thu, 29 Apr 2004 19:50:06 +0200, you wrote in linux.kernel: > > >> ...so that the the MODIFY and EXTEND bits aren't set when writing to a > >> block or character device. > > > > Hmm... Why shouldn't the MODIFY bit at least be set if the user > > requested write access to the device? > > It's somewhat of a mixed-up situation for device nodes exported via > NFSv3. Permission bits are on the server, but the actual write does > not happen via NFS (as v3 WRITE only works on regular files). It's not "mixed up" at all: the permissions checking has to be done by the server, period. All the file security information (the mode bits, owner uid, group gid, ACLs etc) that determine whether or not the open() should succeed are defined on the *server* not on the client. If the former is doing some form of mapping of those values (in particular if it is doing some form of root/uid/gid squashing) then the only way for the client to get it right is to make an ACCESS call. The fact that the subsequent writes go to a device on the client is entirely irrelevant. Cheers, Trond - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/