Date: Thu, 26 Sep 1996 16:49:47 -0600 (MDT)
From: root@engg.ucalgary.ca
To: FreeBSD-gnats-submit@freebsd.org
Subject: kern/1684: inconsistent permission failures on NFS requests
Message-ID: <199609262249.QAA01603@zeus.engg.ucalgary.ca>
Resent-Message-ID: <199609262250.PAA10387@freefall.freebsd.org>
>Number:         1684
>Category:       kern
>Synopsis:       inconsistent permission failures on NFS requests
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Sep 26 15:50:01 PDT 1996
>Last-Modified:
>Originator:
>Organization:
Engineering Undergraduate Studies, University of Calgary
>Release:        FreeBSD 2.1-STABLE i386
>Environment:

	FreeBSD c16.engg.ucalgary.ca 2.1.5-RELEASE FreeBSD 2.1.5-RELEASE #1: Tue Aug 20 02:52:03 MDT 1996 root@zeus.engg.ucalgary.ca:/usr/src/sys/compile/DECPC i386

	c16 is an NFS client of gw.engg.ucalgary.ca, an AIX (4.1) NFS
	server.  gw:/user2 is exported to c16 read/write, with root
	accesses mapped to the user ``nobody''.

>Description:

	When a regular user attempts to print a file using lpr, the
	file only prints if its contents are already in the cache.
	Otherwise, the attempt fails with:

	lpr: FILENAME: empty input file

	My theory is that since lpr is setuid to root, FreeBSD is
	requesting the file as root, not as the user.  Then, gw denies
	the request, because the user `nobody' doesn't have access to
	the file.

>How-To-Repeat:

	Script started on Thu Sep 26 16:41:03 1996
	c16:~$ mkdir lprtest
	c16:~$ cd lprtest
	c16:~/lprtest$ chmod 755 .
	c16:~/lprtest$ cp /etc/passwd foo
	c16:~/lprtest$ cp /etc/passwd bar
	c16:~/lprtest$ ls -al
	total 32
	drwxr-xr-x   2 gord  develop   512 Sep 26 16:42 ./
	drwxr-sr-x  16 gord  develop  2048 Sep 26 16:42 ../
	-rw-------   1 gord  develop   575 Sep 26 16:42 bar
	-rw-------   1 gord  develop   575 Sep 26 16:42 foo
	c16:~/lprtest$ chmod a+r foo
	c16:~/lprtest$ lpr foo
	c16:~/lprtest$ lpr bar
	lpr: bar: empty input file
	c16:~/lprtest$ cat bar
	root:*:0:0:Charlie &:/root:/bin/bash
	toor:*:0:0:Bourne-again Superuser:/root:
	daemon:*:1:31:Owner of many system processes:/root:
	operator:*:2:20:System &:/usr/guest/operator:/bin/csh
	bin:*:3:7:Binaries Commands and Source,,,:/:/nonexistent
	games:*:7:13:Games pseudo-user:/usr/games:
	news:*:8:8:News Subsystem:/:/nonexistent
	man:*:9:9:Mister Man Pages:/usr/share/man:
	uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
	xten:*:67:67:X-10 daemon:/usr/local/xten:/nonexistent
	nobody:*:65534:65534:Unprivileged user:/nonexistent:/nonexistent
	+:*:0:0:::
	c16:~/lprtest$ lpr bar
	c16:~/lprtest$ exit
	Script done on Thu Sep 26 16:42:11 1996

>Fix:

	I have not investigated the problem fully, but it seems that
	FreeBSD should be modified to send NFS requests both as the
	real and effective user id's when they differ.

	Ultrix 4.2 (!) has no problem with the above sequence of
	commands.

>Audit-Trail:
>Unformatted:
Gordon Matzigkeit
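
The report's theory is that setuid-root lpr reads the user's file with root credentials, which the server then maps to ``nobody''. As an added example (not lpr's source and not a fix taken from this PR), the sketch below shows one userland pattern a setuid program can use so that the file is opened with the invoking user's credentials rather than root's; the function name open_as_real_user is hypothetical, and the example assumes POSIX seteuid()/setegid() with a saved set-user-ID.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Hypothetical helper for a setuid program: open a user-named file for
 * reading while the effective uid/gid are set to the real (invoking) ones,
 * then take the saved privilege back. Returns an fd, or -1 with errno set.
 */
int open_as_real_user(const char *path)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    struct stat st;
    int fd, err = 0;

    /* Group first: after euid leaves root, setegid() may no longer be allowed. */
    if (setegid(getgid()) == -1)
        return -1;
    if (seteuid(getuid()) == -1) {
        err = errno;
        if (setegid(saved_egid) == -1)
            err = errno;
        errno = err;
        return -1;
    }

    /* O_NONBLOCK keeps a FIFO from hanging the open; only regular files pass. */
    fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd == -1) {
        err = errno;
    } else if (fstat(fd, &st) == -1 || !S_ISREG(st.st_mode)) {
        err = EINVAL;
        close(fd);
        fd = -1;
    }

    /* Regain privilege (uid first, then gid); fail closed if that is refused. */
    if (seteuid(saved_euid) == -1 || setegid(saved_egid) == -1) {
        if (fd != -1)
            close(fd);
        return -1;
    }
    errno = err;
    return fd;
}
```

With this pattern a mode 0600 file owned by the caller is opened under the caller's uid, so a server that maps root to ``nobody'' has no root credential to squash for that open.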