From: Rick Macklem
To: "freebsd-current@freebsd.org"
CC: "rc@freebsd.org"
Subject: small patch for /etc/rc.d/nfsd, bugfix or POLA violation?
Date: Sun, 9 Jul 2017 19:57:22 +0000

Hi,

The attached one line patch to /etc/rc.d/nfsd modifies the script so that it
does not force the nfsuserd to be run when nfsv4_server_enable is set.
(nfsuserd can still be enabled via nfsuserd_enable="YES" in /etc/rc.conf.)

Here's why I think this patch might be appropriate...
(a) - The original RFC for NFSv4 (RFC3530) essentially required Owners and
Owner_groups to be specified as @ and this required
the nfsuserd daemon to be running.
(b) - RFC7530, which replaces RFC3530, allows an Owner/Owner_group string to be
the uid/gid number in a string when using AUTH_SYS. This simplifies configuration
for an all AUTH_SYS/POSIX environment (most NFS uses, I suspect?).

To make the server do (b), two things need to be done:
1 - set vfs.nfsd.enable_stringtouid=1
2 - set vfs.nfsd.enable_uidtostring=1 (for head, I don't know if it will be MFC'd?)
OR
- never run nfsuserd after booting (killing it off after it has been running is not
sufficient)

Given the above, it would seem that /etc/rc.d/nfsd should not force running of
the nfsuserd daemon, due to changes in the protocol.

However, this will result in a POLA violation, in that after the patch, nfsuserd won't
start when booting, unless nfsuserd_enable="YES" is added to /etc/rc.conf.

So, what do people think about this patch? rick

[Attachment: nfsd-rcd.patch, size=372]

From: Cy Schubert
To: Rick Macklem
cc: "freebsd-current@freebsd.org", "rc@freebsd.org"
Subject: Re: small patch for /etc/rc.d/nfsd, bugfix or POLA violation?
Date: Sun, 09 Jul 2017 13:31:11 -0700

Rick Macklem writes:
> Hi,
>
> The attached one line patch to /etc/rc.d/nfsd modifies the script so that it
> does not force the nfsuserd to be run when nfsv4_server_enable is set.
> (nfsuserd can still be enabled via nfsuserd_enable="YES" in /etc/rc.conf.)
>
> Here's why I think this patch might be appropriate...
> (a) - The original RFC for NFSv4 (RFC3530) essentially required Owners and
> Owner_groups to be specified as @ and this required
> the nfsuserd daemon to be running.
> (b) - RFC7530, which replaces RFC3530, allows an Owner/Owner_group string to be
> the uid/gid number in a string when using AUTH_SYS. This simplifies configuration
> for an all AUTH_SYS/POSIX environment (most NFS uses, I suspect?).
>
> To make the server do (b), two things need to be done:
> 1 - set vfs.nfsd.enable_stringtouid=1
> 2 - set vfs.nfsd.enable_uidtostring=1 (for head, I don't know if it will be MFC'd?)
> OR
> - never run nfsuserd after booting (killing it off after it has been running is not
> sufficient)
>
> Given the above, it would seem that /etc/rc.d/nfsd should not force running of
> the nfsuserd daemon, due to changes in the protocol.
>
> However, this will result in a POLA violation, in that after the patch, nfsuserd won't
> start when booting, unless nfsuserd_enable="YES" is added to /etc/rc.conf.
>
> So, what do people think about this patch? rick

How about a warning message + an UPDATING entry + no MFC? And, relnotes = yes
to say we now support RFC7530 in 12.0?

--
Cheers,
Cy Schubert
FreeBSD UNIX: Web: http://www.FreeBSD.org

The need of the many outweighs the greed of the few.

From: Rick Macklem
To: Cy Schubert
CC: "freebsd-current@freebsd.org", "rc@freebsd.org"
Subject: Re: small patch for /etc/rc.d/nfsd, bugfix or POLA violation?
Date: Tue, 11 Jul 2017 11:48:55 +0000

Cy Schubert wrote:
>Rick Macklem wrote:
>> Hi,
>>
>> The attached one line patch to /etc/rc.d/nfsd modifies the script so that it
>> does not force the nfsuserd to be run when nfsv4_server_enable is set.
>> (nfsuserd can still be enabled via nfsuserd_enable="YES" in /etc/rc.conf.)
>>
>> Here's why I think this patch might be appropriate...
>> (a) - The original RFC for NFSv4 (RFC3530) essentially required Owners and
>> Owner_groups to be specified as @ and this required
>> the nfsuserd daemon to be running.
>> (b) - RFC7530, which replaces RFC3530, allows an Owner/Owner_group string to be
>> the uid/gid number in a string when using AUTH_SYS. This simplifies configuration
>> for an all AUTH_SYS/POSIX environment (most NFS uses, I suspect?).
>>
>> To make the server do (b), two things need to be done:
>> 1 - set vfs.nfsd.enable_stringtouid=1
>> 2 - set vfs.nfsd.enable_uidtostring=1 (for head, I don't know if it will be MFC'd?)
>> OR
>> - never run nfsuserd after booting (killing it off after it has been running is not
>> sufficient)
>>
>> Given the above, it would seem that /etc/rc.d/nfsd should not force running of
>> the nfsuserd daemon, due to changes in the protocol.
>>
>> However, this will result in a POLA violation, in that after the patch, nfsuserd won't
>> start when booting, unless nfsuserd_enable="YES" is added to /etc/rc.conf.
>>
>> So, what do people think about this patch? rick
>
>How about a warning message + an UPDATING entry + no MFC? And, relnotes = yes
>to say we now support RFC7530 in 12.0?
Sounds fine to me. I'll wait to see if there are more comments.

Thanks, rick

From: Benjamin Kaduk
To: Rick Macklem
Cc: "freebsd-current@freebsd.org", "rc@freebsd.org"
Subject: Re: small patch for /etc/rc.d/nfsd, bugfix or POLA violation?
Date: Tue, 11 Jul 2017 20:19:18 -0500

On Tue, Jul 11, 2017 at 11:48:55AM +0000, Rick Macklem wrote:
> Cy Schubert wrote:
> >
> >How about a warning message + an UPDATING entry + no MFC? And, relnotes = yes
> >to say we now support RFC7530 in 12.0?
> Sounds fine to me. I'll wait to see if there are more comments.

Yes, this seems like the sort of thing best done on a major version
boundary and not MFC'd.

-Ben
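
How the settings from Rick Macklem's first message combine, as an added example that is not part of the thread or of FreeBSD's rc scripts. It works on constructed rc.conf and sysctl.conf text, reads the "OR" in his list as an alternative to step 2 (an assumption), and also models nfs_server_managegids, a knob the thread's prose does not discuss; the function names and mode labels are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread or from FreeBSD's rc scripts.
# It reads constructed rc.conf / sysctl.conf text, never the live system.

# conf_get KEY TEXT: last value assigned to KEY in "key=value" TEXT.
conf_get() {
    key=$(printf '%s' "$1" | sed 's/\./\\./g')   # dots in sysctl names are literal
    printf '%s\n' "$2" | sed -n "s/^[[:space:]]*${key}=//p" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# Truth values accepted by rc.subr's checkyesno: YES, TRUE, ON, 1 (any case).
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# nfsuserd_starts old|new RCCONF: is nfsuserd started at boot by the nfsd
# script before (old) or after (new) the patch?
nfsuserd_starts() {
    is_yes "$(conf_get nfsuserd_enable "$2")" && return 0
    is_yes "$(conf_get nfs_server_enable "$2")" || return 1
    # nfs_server_managegids forces nfsuserd in both versions of the script.
    is_yes "$(conf_get nfs_server_managegids "$2")" && return 0
    [ "$1" = old ] && is_yes "$(conf_get nfsv4_server_enable "$2")"
}

# id_mapping_mode old|new RCCONF SYSCTLCONF prints one of:
#   numeric    - both steps for (b) in the thread are in place
#   name       - nfsuserd runs and (b) is not fully enabled, i.e. case (a)
#   incomplete - nfsuserd does not run, but step 1 for (b) is missing
id_mapping_mode() {
    s2u=$(conf_get vfs.nfsd.enable_stringtouid "$3")
    u2s=$(conf_get vfs.nfsd.enable_uidtostring "$3")
    if nfsuserd_starts "$1" "$2"; then running=yes; else running=no; fi
    if [ "$s2u" = 1 ] && { [ "$u2s" = 1 ] || [ "$running" = no ]; }; then
        echo numeric
    elif [ "$running" = yes ]; then
        echo name
    else
        echo incomplete
    fi
}

# patch_impact RCCONF SYSCTLCONF: does applying the patch change the mode?
patch_impact() {
    before=$(id_mapping_mode old "$1" "$2")
    after=$(id_mapping_mode new "$1" "$2")
    if [ "$before" = "$after" ]; then
        echo "unchanged:$after"
    else
        echo "changed:$before->$after"
    fi
}

# Constructed sample inputs (not taken from any real host).
RC_LEGACY='nfs_server_enable="YES"
nfsv4_server_enable="YES"'
RC_EXPLICIT='nfs_server_enable="YES"
nfsv4_server_enable="YES"
nfsuserd_enable="YES"   # keeps pre-patch behaviour'
SYSCTL_NONE=''
SYSCTL_NUMERIC='vfs.nfsd.enable_stringtouid=1
vfs.nfsd.enable_uidtostring=1'

echo "legacy rc.conf, no sysctls:      $(patch_impact "$RC_LEGACY" "$SYSCTL_NONE")"
echo "legacy rc.conf, numeric sysctls: $(patch_impact "$RC_LEGACY" "$SYSCTL_NUMERIC")"
echo "explicit nfsuserd_enable:        $(patch_impact "$RC_EXPLICIT" "$SYSCTL_NONE")"
```

The constructed legacy host, which relies on nfsv4_server_enable alone, is the only one whose mode changes; that is the POLA case raised in the thread.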