From: Rick Macklem
To: Slawa Olhovchenkov, "freebsd-current@freebsd.org"
Subject: more default uid/gid for NFS in mountd
Date: Mon, 8 May 2017 11:45:46 +0000

Hi,

Five years ago (yea, it slipped through a crack;-), Slawa reported that files
created by root would end up owned by uid 2**32-2 (-2 as uint32_t).
This happens if there is no "-maproot=" in the /etc/exports line.

The cause is obvious. The value is set to -2 by default.

The question is... Should this be changed to 65534 (ie "nobody")?
- It would seem more consistent to make it the uid of nobody, but I can also see
  the argument that since it has been like this *forever*, that changing it would be
  a POLA violation.
What do others think?

It is also the case that mountd.c doesn't look "nobody" up in the password database
to set the default. It would be nice to do this, but it could result in the mountd daemon
getting "stuck" during a boot waiting for an unresponsive LDAP service or similar.
Does doing this sound like a good idea?

Thanks for any comments, rick
ps: Here's the original email thread, in case you are interested:
      https://lists.freebsd.org/pipermail/freebsd-stable/2012-March/066868.html
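
An added example, not part of the message above and not code from mountd.c: a small check that reports which export lines give no root mapping and therefore fall back to the default uid the message describes, which is 4294967294 rather than 65534. The function names and sample lines are constructed for illustration; `-mapall=` comes from exports(5) rather than from the message, and the sketch assumes one export per line with no backslash continuations and resolves numeric uids only.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEF_ANON_UID ((uint32_t)-2) /* default described in the email: 2**32-2 */
#define NOBODY_UID   65534u         /* uid of "nobody" as given in the email */
enum rootmap { MAP_DEFAULT, MAP_NUMERIC, MAP_NAME };
/* Constructed sample exports(5) lines, not taken from the email. */
static const char *const SAMPLE[] = {
    "/export/home -network 192.0.2.0 -mask 255.255.255.0",
    "/export/src -maproot=0 -network 192.0.2.0 -mask 255.255.255.0",
    "/export/pub -maproot=nobody 198.51.100.7",
};

/* Report how one export line maps root; *uid is set unless a name is given. */
enum rootmap root_mapping(const char *line, uint32_t *uid)
{
    const char *p = strstr(line, "-maproot=");
    if (p == NULL)
        p = strstr(line, "-mapall="); /* exports(5) option, not named in the email */
    if (p == NULL) {
        *uid = DEF_ANON_UID;          /* nothing specified: the default applies */
        return MAP_DEFAULT;
    }
    p = strchr(p, '=') + 1;
    if (*p < '0' || *p > '9')
        return MAP_NAME;              /* user name: needs a passwd lookup to resolve */
    *uid = (uint32_t)strtoul(p, NULL, 10);
    return MAP_NUMERIC;
}

/* Count export lines (those starting with a path) that rely on the default. */
int count_default_mapped(const char *const *lines, size_t n)
{
    int hits = 0;
    uint32_t uid;
    for (size_t i = 0; i < n; i++)
        if (lines[i][0] == '/' && root_mapping(lines[i], &uid) == MAP_DEFAULT)
            hits++;
    return hits;
}

int main(void)
{
    printf("%d export(s) map root to uid %u, not %u\n",
        count_default_mapped(SAMPLE, 3), (unsigned)DEF_ANON_UID, NOBODY_UID);
    return 0;
}
```

Truncating the default to 16 bits yields 65534, which is why the two values look related even though a 32-bit uid comparison treats them as different owners.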