Received: by 2002:a05:6a10:9afc:0:0:0:0 with SMTP id t28csp529522pxm; Wed, 2 Mar 2022 22:13:35 -0800 (PST) X-Google-Smtp-Source: ABdhPJyhZwaLsHa+4oaprQB0EcP4gi+kD8Tlr4AvZJfLZR2CWfhwlykYZUgFKzFfIx7KBlSlmqdp X-Received: by 2002:a05:6402:510e:b0:413:963:4eac with SMTP id m14-20020a056402510e00b0041309634eacmr33220676edd.93.1646288015004; Wed, 02 Mar 2022 22:13:35 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1646288014; cv=none; d=google.com; s=arc-20160816; b=VgUDvLZ2DPKJHIFa9bWkd7BGct+Omn9tzghdWTGxmaVbSOWTAZwFmn4iG2W2KR5YcU JtMD23RaBimo956Zypu5cyEZIYfN/SQGpUngMN6lkjrSIe0A8/8mQBuHeR0KkHpuW4gR YTH5sRwTCkgpEQwhVSUVs5eCM5sZNJ8MFLyMCy5xPHwQkj/XxXzvFKQpCKlas61oe9OW 9FPVDswoHm3XJQT/20ZhUUwaCxpBhfzJ/0/zQ3lkNioBZ/CUvjkiiBkwKg90QEGdubHU RMIBUrpzF8DVDWyWSo/gbRTcbK0cEiEoVHne1LYYxcoPur+hR7JhsalZuKKJceIqzGmW r8Ww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:date:subject:cc:to:from:mime-version :content-transfer-encoding:dkim-signature:dkim-signature; bh=dMNVq0l+SC3ZVpU1a+BGWQyiC28JMOmjuBo8L6pJWI0=; b=bRMAf/DToGZp+uM0hI2iUKHq2UeOczO4ZwUdhlImdHZMgXyP68e9ducVXoBMzXOkH9 BgMwoSb4D27D54E+hkFyjgD90YgQlbZ91IvSIIKGnyYqSgWrCN8R85s3uTZCSAt3d5rX 8N8V4gMzSA3KntrncX9fIFSJaqxU3bBZYoLWq8cJJ3sHBgsUxo0liTVtbs3cqBL3GXfl wJxfDL0qVxh5sjkmybjfc2OMI8X1hcySKCXUGfSNhiKvz0Y9sqBn1IqKMFJ5WuXMHryq /dOmVhzNIK0u+1x0t5t0xmL9MgNprqJXkU4GL7iK7iqUqcI2k96k3IqwVPLgjTxRPOMb rDKg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=pkTzBV+3; dkim=neutral (no key) header.i=@suse.de; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id qf31-20020a1709077f1f00b006da8440d649si809947ejc.467.2022.03.02.22.12.53; Wed, 02 Mar 2022 22:13:34 -0800 (PST) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=pkTzBV+3; dkim=neutral (no key) header.i=@suse.de; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229635AbiCCFah (ORCPT + 99 others); Thu, 3 Mar 2022 00:30:37 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55526 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229491AbiCCFag (ORCPT ); Thu, 3 Mar 2022 00:30:36 -0500 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CEFE25FF1D for ; Wed, 2 Mar 2022 21:29:50 -0800 (PST) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 701031F383; Thu, 3 Mar 2022 05:29:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1646285389; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=dMNVq0l+SC3ZVpU1a+BGWQyiC28JMOmjuBo8L6pJWI0=; b=pkTzBV+31BqC76sWzTv2beqGi/H0xMYag3xhOJw7GNas57KupRmS/NTqVh1YvIAOXyYv1I Ja9ebpMZ28Fh9w2/fc08Z3A21f6cTvxyuiLdCoc07cphbCd/xWE8gi59tETJGru9tvkG1y Kcpp1maOfm7BTjCIedHH83bQSR6F+Ak= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1646285389; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=dMNVq0l+SC3ZVpU1a+BGWQyiC28JMOmjuBo8L6pJWI0=; b=kIVDZVtyt+U/Y8aM/oI5cKEUPtrEbuR/dBISvvroImEI49AmtO1u676qEdmZ/GgwQ4I/He TbRX3/Rwtf9QLeCQ== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 92850139BD; Thu, 3 Mar 2022 05:29:48 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id 8EkEE0xSIGIAFAAAMHmgww (envelope-from ); Thu, 03 Mar 2022 05:29:48 +0000 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit MIME-Version: 1.0 From: "NeilBrown" To: Trond Myklebust Cc: Linux NFS Mailing List Subject: NFS access problems when group membership changes on server Date: Thu, 03 Mar 2022 16:29:37 +1100 Message-id: <164628537738.17899.2312723585718867242@noble.neil.brown.name> X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org Since Commit 57b691819ee2 ("NFS: Cache access checks more aggressively") we do not recheck "ACCESS" tests unless the inode changes (or falls out of cache). I recently discovered that this can be problematic. The ACCESS test checks if a given user has access to a given file. That is most likely to change if the file changes, but it can change if the users capabilities change - e.g. their group memberships change. With AUTH_SYS the group membership as seen on the client is used (though with the Linux NFS server, adding the -g option to mountd can change this). With AUTH_GSS, the mapping from user to groups must happen on the server. IF this mapping changes it might be invisible to the client for an arbitrary long time. I don't think this affects files with NFSv4 as there will be a OPEN request to the server, but it does affect directories. If a user does "ls -l some-directory", this fails, and they go ask the server admin "please add me to the group to access the directory", then they go back and try again, it may well still not work. With a local filesystem, logging off and back on again might be required to refresh the groups list, but even this isn't sufficient for NFS. What to do? We could simply revert that patch and refresh the access cache similar to refreshing of other attributes. We could possibly do it with a longer timeout or only with a mount option, but I don't really like those options. Maybe we could add a 'struct pid *' to the access entry which references the PIDTYPE_SID of the calling process. This would be different for different login sessions, but common throughout one login. If we did this, then logging out and back in again would resolve the access problem, which matches that is needed for local access. I'm not sure if I like this idea or not, but I thought it worth mentioning. Any other ideas? Thanks, NeilBrown