From: Rick Macklem
To: "freebsd-current@freebsd.org"
CC: "rc@freebsd.org"
Subject: small patch for /etc/rc.d/nfsd, bugfix or POLA violation?
Date: Sun, 9 Jul 2017 19:57:22 +0000

Hi,

The attached one-line patch to /etc/rc.d/nfsd modifies the script so that it
does not force the nfsuserd to be run when nfsv4_server_enable is set.
(nfsuserd can still be enabled via nfsuserd_enable="YES" in /etc/rc.conf.)

Here's why I think this patch might be appropriate...
(a) - The original RFC for NFSv4 (RFC3530) essentially required Owners and
Owner_groups to be specified as @ and this required the nfsuserd daemon to be
running.
(b) - RFC7530, which replaces RFC3530, allows an Owner/Owner_group string to be
the uid/gid number in a string when using AUTH_SYS. This simplifies
configuration for an all AUTH_SYS/POSIX environment (most NFS uses, I suspect?).

To make the server do (b), two things need to be done:
1 - set vfs.nfsd.enable_stringtouid=1
2 - set vfs.nfsd.enable_uidtostring=1 (for head, I don't know if it will be MFC'd?)
    OR - never run nfsuserd after booting (killing it off after it has been
    running is not sufficient)

Given the above, it would seem that /etc/rc.d/nfsd should not force running of
the nfsuserd daemon, due to changes in the protocol.

However, this will result in a POLA violation, in that after the patch, nfsuserd
won't start when booting, unless nfsuserd_enable="YES" is added to /etc/rc.conf.

So, what do people think about this patch?

rick

[Attachment: nfsd-rcd.patch]
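
As an added example (not part of the original post or of the FreeBSD rc scripts), a POSIX sh check that reads an rc.conf and a sysctl.conf and reports whether nfsuserd would stop being started once nfsv4_server_enable no longer forces it. The function names and the four result words are made up for this sketch, and it assumes only the two files passed in are consulted.

```shell
#!/bin/sh
# Added example: classify a host by how the proposed rc.d/nfsd change affects it.
# Assumption: only the given files are read; /etc/defaults/rc.conf and
# rc.conf.local are ignored.

# conf_value FILE KEY: print the last value assigned to KEY
# (works for rc.conf and sysctl.conf "key=value" lines).
conf_value() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')   # treat dots in sysctl names literally
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# is_yes VALUE: the spellings rc.subr's checkyesno treats as true.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_nfsuserd RC_CONF SYSCTL_CONF: print one classification word.
#   not-affected  NFSv4 server not enabled, nothing changes
#   unchanged     nfsuserd_enable is set, so nfsuserd still starts
#   numeric-ids   nfsuserd no longer starts; server accepts uid/gid strings
#   review        nfsuserd no longer starts and enable_stringtouid is not 1
audit_nfsuserd() {
    if ! is_yes "$(conf_value "$1" nfsv4_server_enable)"; then
        echo not-affected
    elif is_yes "$(conf_value "$1" nfsuserd_enable)"; then
        echo unchanged
    elif [ "$(conf_value "$2" vfs.nfsd.enable_stringtouid)" = 1 ]; then
        echo numeric-ids
    else
        echo review
    fi
}

# Constructed sample: NFSv4 on, nfsuserd not enabled explicitly, no sysctl set.
demo() {
    d=$(mktemp -d) || return 1
    printf 'nfs_server_enable="YES"\nnfsv4_server_enable="YES"\n' > "$d/rc.conf"
    : > "$d/sysctl.conf"
    audit_nfsuserd "$d/rc.conf" "$d/sysctl.conf"
    rm -rf "$d"
}
demo
```

A host reported as `review` is the POLA case from the message: it relied on the forced start of nfsuserd and has neither nfsuserd_enable="YES" nor the sysctl set.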