From: Rick Macklem
To: Slawa Olhovchenkov
CC: "freebsd-current@freebsd.org"
Subject: Re: more default uid/gid for NFS in mountd
Date: Sun, 14 May 2017 01:12:11 +0000
In-Reply-To: <20170508134203.GA3165@zxy.spb.ru>

Slawa Olhovchenkov wrote:
>Rick Macklem wrote:
>> Hi,
>>
>> Five years ago (yea, it slipped through a crack;-), Slawa reported that files
>> created by root would end up owned by uid 2**32-2 (-2 as uint32_t).
>> This happens if there is no "-maproot=" in the /etc/exports line.
>>
>> The cause is obvious. The value is set to -2 by default.
>>
>> The question is... Should this be changed to 65534 (ie "nobody")?
>> - It would seem more consistent to make it the uid of nobody, but I can also see
>>   the argument that since it has been like this *forever*, that changing it would be
>>   a POLA violation.
>> What do others think?
>
>IMHO uid 2**32-2 is POLA violation.
>Nobody expect this uid. Too much number. This is like bug.

This is what I have just committed. Thanks for the comments.

>> It is also the case that mountd.c doesn't look "nobody" up in the password database
>> to set the default. It would be nice to do this, but it could result in the mountd daemon
>> getting "stuck" during a boot waiting for an unresponsive LDAP service or similar.
>> Does doing this sound like a good idea?
>
>This is (stuck at boot) already do for case of using NIS and nfsuserd.

There is a difference here. nfsuserd maps between uid/names, so it can't work
without the password database.
mountd can work without the password database, so I held off on doing this for now.

>I am regular see this for case of DNS failed at boot.
>You offer don't impair current behaviour.

As an aside, if you have the critical entries in the local files (/etc/hosts,
/etc/passwd, /etc/group) and then tell the libraries to search these first in
/etc/nsswitch.conf, then you usually avoid this problem.

Thanks for the comments,
rick
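
The thread ties the unexpected owner uid to /etc/exports lines that lack "-maproot=". The following is an added example, not code from the thread or from mountd: a small audit that lists such entries so an administrator can see which exports fall back to mountd's built-in default. The function name and the sample file are constructed for illustration; treating "-mapall=" as an explicit mapping is taken from exports(5), and other spellings of these options are not checked.

```shell
#!/bin/sh
# Added example: report exports(5) entries with no explicit credential
# mapping. On those exports root's requests are mapped to mountd's built-in
# default uid (the -2 / 65534 value discussed in the thread).

# exports_without_maproot [FILE...]
# Reads exports(5)-format text from FILE(s) or stdin and prints
# "LINENO: PATH" for every entry lacking both -maproot= and -mapall=.
exports_without_maproot() {
    awk '
        # Join backslash-continued lines into one logical entry.
        /\\$/ { sub(/\\$/, " "); buf = buf $0; if (!start) start = NR; next }
        {
            line = buf $0
            n = start ? start : NR      # report the first physical line
            buf = ""; start = 0
            sub(/#.*/, "", line)                    # drop comments
            if (line ~ /^[ \t]*$/) next             # blank line
            if (line ~ /^[ \t]*V4:/) next           # NFSv4 root, not an export
            if (line ~ /(^|[ \t])-(maproot|mapall)=/) next
            split(line, f, /[ \t]+/)
            print n ": " (f[1] != "" ? f[1] : f[2])
        }
    ' "$@"
}

# Constructed sample input (paths, hosts and networks are made up).
sample='# constructed sample exports file
/export/home -alldirs -network 192.0.2.0 -mask 255.255.255.0
/export/src -maproot=0 build1
/export/pub -ro \
    -mapall=nobody
/export/scratch client1
V4: /export'

printf '%s\n' "$sample" | exports_without_maproot
```

On a real server, pass /etc/exports as the argument and review each reported entry to decide whether it needs an explicit -maproot= or -mapall= value.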