From owner-freebsd-stable  Fri Aug 25  9: 8: 9 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from ns1.venon.com (ns1.venon.com [64.7.7.83])
	by hub.freebsd.org (Postfix) with ESMTP id 200F937B43C
	for <freebsd-stable@FreeBSD.ORG>; Fri, 25 Aug 2000 09:08:07 -0700 (PDT)
Received: from megalomaniac.biosys.net (megalomaniac.venon.com [64.7.7.82])
	by ns1.venon.com (Postfix) with ESMTP id D88BCD147F
	for <freebsd-stable@FreeBSD.ORG>; Fri, 25 Aug 2000 12:10:38 -0400 (EDT)
Message-Id: <4.3.2.7.2.20000825120608.00b4d4a8@mail.megapathdsl.net>
X-Sender: 
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Fri, 25 Aug 2000 12:10:57 -0400
To: freebsd-stable@FreeBSD.ORG
From: Allen Landsidel <all@biosys.net>
Subject: Re: NFS client ignores "read-only" attribute on file
In-Reply-To: <14758.38824.440415.870831@onceler.kciLink.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

At 11:58 08/25/2000 -0400, Vivek Khera wrote:
>I have one MAJOR issue with the FreeBSD NFS client: it ignores
>read-only attribute on files owned by the current UID.
>
>Example.  "kci" is a BSD/OS 4.0.1 server with all applicable patches.
>"onceler" is a FreeBSD 4.1-STABLE (current thru wednesday's version).
>The file system is served from kci to onceler.  The FreeBSD system is
>the *only* one that ignores the read-only setting.  Linux and other
>BSD/OS systems honor it as expected.

I looked through your examples enough to say.. you proved your point.. :)

This is surely the fault of whatever subsystem is responsible for user 
authentication.. I'm not familiar enough to say if it's the client or the 
server, but my gut instinct tells me it's the server.  I would really 
uneducatedly guess that the server is not switching it's effective user id 
to that of the user issuing the request before the request is 
processed.  If you could, can you see if you're allowed to modify files 
that you have read-only access to that are owned by another user/group?  I 
suspect you'll be able to write to any file that you can read from.

Leaving this responsibility to the client would be loony as all heck, 
considering anyone could then just hack up their own nfs client and use it 
to override file permissions on any server they had a valid user/pass on.




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message