From: Rink Springer
To: arch@FreeBSD.org
Cc: roel@qsp.nl
Date: Fri, 22 Sep 2006 12:31:10 +0200
Subject: NFS+SUIDDIR problem
Message-ID: <20060922103110.GA4266@rink.nu>

Hi everyone,

At work, we are having problems migrating a local filesystem (that was mounted using -o suiddir) to an NFS server, where the filesystem is also mounted using -o suiddir.

This is on a 6.1-STABLE machine.

If a file has been created using, say, uid1, ufs/ufs/ufs_vnops.c:ufs_makeinode() will transform this to uid2 whenever needed, as desired.

However, the NFS server code nfsserver/nfs_serv.c:nfsrv_access_withgiant() will check whether the vnode's attributes match those of the user credentials (cred->cr_uid == vattr.va_uid). As the UFS driver just transformed uid1 to uid2, the check above does not hold (as vattr.va_uid == uid2 but cred->cr_uid == uid1), and thus access is incorrectly denied.

We've devised a patch which allows any write on a MNT_SUIDDIR mounted filesystem, as long as the UID is within a certain range (settable using sysctls).

However, even though this prevents our problems, is there a better solution to this problem (e.g. having the vnode remember that it was chowned and checking that field)? Or would it be best to request our patch to be committed?

Thanks,

-- 
Rink P.W. Springer - http://rink.nu
"When will the internet move from 64Kb max .com domains to .exe domains which can use much more memory?" - Edwin Groothuis
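
The mismatch described in the message above, as an added user-space model that is not FreeBSD kernel code and not part of the original post. The `model_*` names, the uid values and the file modes are constructed, and treating the uid comparison as an owner override after the mode-bit check is an assumption of the model.

```c
/* Added illustration: user-space model, not FreeBSD kernel code.
 * All model_* names and the uid/mode values are constructed. */
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

struct model_node { uid_t uid; mode_t mode; };	/* stand-in for vattr */

/* Create step: on a suiddir mount, a file made in a setuid directory
 * gets the directory owner's uid (uid1 -> uid2 in the message). */
static struct model_node
model_makeinode(const struct model_node *dir, uid_t cred_uid, mode_t mode,
    bool suiddir)
{
	struct model_node f = { cred_uid, mode };
	if (suiddir && (dir->mode & S_ISUID) && dir->uid != cred_uid)
		f.uid = dir->uid;
	return (f);
}

/* Server step: mode-bit check for write (group bits omitted), then the
 * cred uid == vattr uid comparison, assumed to act as an owner override. */
static bool
model_nfs_write_ok(const struct model_node *f, uid_t cred_uid)
{
	mode_t bit = (cred_uid == f->uid) ? S_IWUSR : S_IWOTH;
	if (f->mode & bit)
		return (true);
	return (cred_uid == f->uid);
}

/* uid1 creates a file in uid2's setuid directory, then writes to it. */
bool creator_can_write(bool suiddir, mode_t mode)
{
	const uid_t uid1 = 1001, uid2 = 1002;
	struct model_node dir = { uid2, S_ISUID | 0777 };
	struct model_node f = model_makeinode(&dir, uid1, mode, suiddir);
	return (model_nfs_write_ok(&f, uid1));
}

int main(void)
{
	printf("without suiddir: %d\n", creator_can_write(false, 0644));
	printf("with suiddir:    %d\n", creator_can_write(true, 0644));
	return (0);
}
```

In the model, the creator's follow-up write passes without suiddir for both a 0644 and a 0444 file, and fails for both once the owner has been rewritten to the directory owner.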