Linux could write to read only files on FreeBSD NFS server

Peter Eriksson pen at lysator.liu.se
Thu Feb 27 22:11:55 UTC 2020


I see that this was a bit unclear, writing to the protected file was via NFS from a Linux (CentOS 7) client. I verified the ACLs and the file content both via NFSv4 and locally on the FreeBSD server.

Writing from an OmniOS (OpenSolaris) client fails. As does a local write. As it should...

Also, it’s not related to ACLs (at least not directly). Using “chmod” gives the same effect:

> $ rm -f x
> $ touch x
> $ chmod 000 x
> $ ls -l x
> ---------- 1 peter86 employee-liu.se 0 27 feb 22.46 x
> $ echo foo >x
> $ cat x
> cat: x: Permission denied
> $ chmod 600 x
> cat x
> foo

Rick:
Looking at a tcpdump capture of the NFS traffic from the Linux client it seems to be doing:

1. Client -> Server:

V4 Procedure: COMPOUND (1)
	SEQUENCE (53)
	PUTFH (22)
	OPEN (18)
		share_access: OPEN4_SHARE_ACCESS_WRITE
		open type: OPEN4_NOCREATE
	ACCESS (3)
		Check: RD MD XT XE
	GETATTR (9)


2. Server -> Client:

V4 Procedure: COMPOUND (1)
Status: NFS4_OK
Operations (5):
    SEQUENCE (53)
	Status: NFS4_OK
    PUTFH
	Status: NFS4_OK
    OPEN
	Status: NFS4_OK
    ACCESS [Access Denied]
	Status: NFS4_OK
    GETATTR
	Status: NFS4_OK


3. Client -> Server:

V4 Procedure: COMPOUND (1)
Tag: <EMPTY>
Operations:
	SEQUENCE (53) 
	PUTFH (22)
	WRITE (38)
		Stable: FILE_SYNC4
	GETATTR (9)


4. Server -> Client

V4 Procedure: COMPOUND
Tag: <EMPTY>
Operations:
	SEQUENCE (53)
		Status: NFS4_OK
	PUTFH
		Status: NFS4_OK
	WRITE
		Status: NFS4_OK
		Committed: FILE_SYNC4
	GETATTR
		Status: NFS4_OK

(According to Wireshark)


Looks like Linux ignores the Access Denied in packet 2 and just forges ahead, and FreeBSD happily accepts the WRITE in packet 3…

- Peter


> On 27 Feb 2020, at 22:03, Peter Eriksson <pen at lysator.liu.se> wrote:
> 
> I can verify that this indeed seems to be the case - the file owner can always write to files, no matter the permissions set.
> 
> Tested both locally (on ZFS) and over NFS (from the same directory).
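
Added example, not part of the original message: the chmod 000 test shown above, written as a repeatable shell check to run as a non-root user from each NFS client against a directory on the mount under test. The function name and its return codes are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example: repeatable form of the "chmod 000; echo foo >x" test.
# Usage (as a non-root user, on the NFS client):
#   check_mode000_write /path/on/nfs/mount; echo "result: $?"
#
# Return codes (chosen for this example):
#   0  write was refused and the file is still empty (expected behaviour)
#   1  write succeeded, or the content changed, despite mode 000
#   2  inconclusive (running as root, or the setup steps failed)
check_mode000_write() {
    dir=${1:-.}

    # root bypasses mode bits on a local filesystem, so a run as root
    # says nothing about permission enforcement.
    [ "$(id -u)" -ne 0 ] || return 2

    f=$(mktemp "$dir/mode000.XXXXXX") || return 2
    chmod 000 "$f" || { rm -f "$f"; return 2; }

    rc=0
    # Attempt the write in a subshell so the redirection error is contained.
    if ( echo foo > "$f" ) 2>/dev/null; then
        rc=1
    fi

    # Restore owner access and inspect what is actually stored, as the
    # original test did with "chmod 600" followed by "cat".
    chmod 600 "$f" || { rm -f "$f"; return 2; }
    if [ -s "$f" ]; then
        rc=1
    fi

    rm -f "$f"
    return $rc
}
```

Running the same check locally on the server and from each client type gives a direct comparison of where the mode bits are enforced.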


