NFS+SUIDDIR problem

Rink Springer rink at FreeBSD.org
Fri Sep 22 03:31:11 PDT 2006


Hi everyone,

At work, we are having problems migrating a local filesystem (that was
mounted using -o suiddir) to an NFS server, where the filesystem is also
mounted using -o suiddir. This is on a 6.1-STABLE machine.

If a file has been created using, say, uid1,
ufs/ufs/ufs_vnops.c:ufs_makeinode() will transform this to uid2
whenever needed, as desired.

However, the NFS server code
nfsserver/nfs_serv.c:nfsrv_access_withgiant() will check whether the
vnode's attributes match those of the user credentials (cred->cr_uid ==
vattr.va_uid). As the UFS driver just transformed uid1 to uid2, the
check above does not hold (as vattr.va_uid == uid2 but cred->cr_uid ==
uid1), and thus access is incorrectly denied.

We've devised a patch which allows any write on a MNT_SUIDDIR mounted
filesystem, as long as the UID is within a certain range (settable using
sysctl's).

However, even though this prevents our problems, is there a better
solution to this problem (e.g. having the vnode remember that it was
chowned and checking that field)? Or would it be best to request our
patch to be committed?

Thanks,

-- 
Rink P.W. Springer                                - http://rink.nu
"When will the internet move from 64Kb max .com domains to .exe
 domains which can use much more memory?" - Edwin Groothuis
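
Added example, not part of the original post and not FreeBSD kernel code: a user-space C model of the mismatch described above, comparing the owner-only check with the two remedies the post mentions. All names, the uid values and the range 1000-1999 are constructed assumptions; the set-uid-directory and non-root conditions follow the documented suiddir mount option.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* User-space model only: every name below is hypothetical, not FreeBSD kernel code. */
struct model_file { uid_t owner; uid_t creator; };

enum policy { OWNER_ONLY, UID_RANGE, REMEMBER_CREATOR };

/* Create on a suiddir mount: a file made in a set-uid directory takes the
 * directory owner's uid (never root's) instead of the creator's. */
struct model_file model_create(uid_t creator, uid_t dir_owner,
                               bool dir_setuid, bool mnt_suiddir)
{
    struct model_file f = { creator, creator };
    if (mnt_suiddir && dir_setuid && dir_owner != 0 && dir_owner != creator)
        f.owner = dir_owner;
    return f;
}

/* Server-side decision, reduced to the uid comparison the post describes. */
bool model_write_ok(const struct model_file *f, uid_t uid, enum policy p,
                    uid_t lo, uid_t hi)
{
    switch (p) {
    case OWNER_ONLY:        /* cred->cr_uid == vattr.va_uid */
        return uid == f->owner;
    case UID_RANGE:         /* the patch: any uid inside the sysctl range */
        return uid == f->owner || (uid >= lo && uid <= hi);
    case REMEMBER_CREATOR:  /* the alternative: keep the creating uid (assumed field) */
        return uid == f->owner || uid == f->creator;
    }
    return false;
}

int main(void)
{
    /* Constructed sample: uid1 = 1001 creates in a directory owned by uid2 = 2000. */
    struct model_file f = model_create(1001, 2000, true, true);
    const char *names[] = { "owner-only", "uid-range", "remember-creator" };
    for (int p = OWNER_ONLY; p <= REMEMBER_CREATOR; p++)
        printf("%-17s creator(1001)=%d other(1002)=%d\n", names[p],
               model_write_ok(&f, 1001, (enum policy)p, 1000, 1999),
               model_write_ok(&f, 1002, (enum policy)p, 1000, 1999));
    return 0;
}
```

In this model the range policy also admits uid 1002, which never created the file, while the remembered-creator policy admits only the creating uid and the owner.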