From owner-freebsd-bugs Thu Sep 26 15:50:11 1996
Return-Path: owner-bugs
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id PAA10434 for bugs-outgoing; Thu, 26 Sep 1996 15:50:11 -0700 (PDT)
Received: (from gnats@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id PAA10387; Thu, 26 Sep 1996 15:50:02 -0700 (PDT)
Resent-Date: Thu, 26 Sep 1996 15:50:02 -0700 (PDT)
Resent-Message-Id: <199609262250.PAA10387@freefall.freebsd.org>
Resent-From: gnats (GNATS Management)
Resent-To: freebsd-bugs
Resent-Reply-To: FreeBSD-gnats@freefall.FreeBSD.org, gord@enci.ucalgary.ca
Received: from engg.ucalgary.ca (gw.engg.ucalgary.ca [136.159.96.112]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id PAA10279 for ; Thu, 26 Sep 1996 15:49:52 -0700 (PDT)
Received: from zeus.engg.ucalgary.ca by engg.ucalgary.ca (AIX 4.1/UCB 5.64/4.03) id AA17290; Thu, 26 Sep 1996 16:50:49 -0600
Received: by zeus.engg.ucalgary.ca (8.7.5/client-1.5) id QAA01603; Thu, 26 Sep 1996 16:49:47 -0600 (MDT)
Message-Id: <199609262249.QAA01603@zeus.engg.ucalgary.ca>
Date: Thu, 26 Sep 1996 16:49:47 -0600 (MDT)
From: root@engg.ucalgary.ca
Reply-To: gord@enci.ucalgary.ca
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: kern/1684: inconsistent permission failures on NFS requests
Sender: owner-bugs@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>Number:         1684
>Category:       kern
>Synopsis:       inconsistent permission failures on NFS requests
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Sep 26 15:50:01 PDT 1996
>Last-Modified:
>Originator:
>Organization:
Engineering Undergraduate Studies, University of Calgary
>Release:        FreeBSD 2.1-STABLE i386
>Environment:

FreeBSD c16.engg.ucalgary.ca 2.1.5-RELEASE FreeBSD 2.1.5-RELEASE #1: Tue Aug 20 02:52:03 MDT 1996 root@zeus.engg.ucalgary.ca:/usr/src/sys/compile/DECPC i386

c16 is an NFS client of gw.engg.ucalgary.ca, an AIX (4.1) NFS server.
gw:/user2 is exported to c16 read/write, with root accesses mapped to
the user ``nobody''.

>Description:

When a regular user attempts to print a file using lpr, the file only
prints if its contents are already in the cache. Otherwise, the
attempt fails with:

lpr: FILENAME: empty input file

My theory is that since lpr is setuid to root, FreeBSD is requesting
the file as root, not as the user. Then, gw denies the request,
because the user `nobody' doesn't have access to the file.

>How-To-Repeat:

Script started on Thu Sep 26 16:41:03 1996
c16:~$ mkdir lprtest
c16:~$ cd lprtest
c16:~/lprtest$ chmod 755 .
c16:~/lprtest$ cp /etc/passwd foo
c16:~/lprtest$ cp /etc/passwd bar
c16:~/lprtest$ ls -al
total 32
drwxr-xr-x   2 gord  develop   512 Sep 26 16:42 ./
drwxr-sr-x  16 gord  develop  2048 Sep 26 16:42 ../
-rw-------   1 gord  develop   575 Sep 26 16:42 bar
-rw-------   1 gord  develop   575 Sep 26 16:42 foo
c16:~/lprtest$ chmod a+r foo
c16:~/lprtest$ lpr foo
c16:~/lprtest$ lpr bar
lpr: bar: empty input file
c16:~/lprtest$ cat bar
root:*:0:0:Charlie &:/root:/bin/bash
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:31:Owner of many system processes:/root:
operator:*:2:20:System &:/usr/guest/operator:/bin/csh
bin:*:3:7:Binaries Commands and Source,,,:/:/nonexistent
games:*:7:13:Games pseudo-user:/usr/games:
news:*:8:8:News Subsystem:/:/nonexistent
man:*:9:9:Mister Man Pages:/usr/share/man:
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
xten:*:67:67:X-10 daemon:/usr/local/xten:/nonexistent
nobody:*:65534:65534:Unprivileged user:/nonexistent:/nonexistent
+:*:0:0:::
c16:~/lprtest$ lpr bar
c16:~/lprtest$ exit

Script done on Thu Sep 26 16:42:11 1996

>Fix:

I have not investigated the problem fully, but it seems that FreeBSD
should be modified to send NFS requests both as the real and effective
user id's when they differ. Ultrix 4.2 (!) has no problem with the
above sequence of commands.

>Audit-Trail:
>Unformatted: Gordon Matzigkeit
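
An added example, not part of the report and not code from FreeBSD's lpr: one way a setuid-root program can read a user's file so that the access check, including the one made by an NFS server that maps root to ``nobody'', is performed with the invoking user's credentials. The helper name open_as_real_user is hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Hypothetical helper: open `path` read-only while the effective uid is
 * temporarily set to the real uid. In a setuid-root program the saved
 * set-user-ID stays root, so the original effective uid can be restored.
 * Returns a file descriptor, or -1 with errno set.
 */
int open_as_real_user(const char *path)
{
    uid_t saved_euid = geteuid();   /* root in a setuid-root program */
    uid_t ruid = getuid();          /* the user who ran the program */
    int fd, saved_errno;

    if (seteuid(ruid) != 0)         /* act as the invoking user */
        return -1;

    fd = open(path, O_RDONLY);      /* local and NFS checks now see ruid */
    saved_errno = errno;

    /* Restore the original effective uid; a failure here is fatal to the call. */
    if (seteuid(saved_euid) != 0) {
        if (fd >= 0)
            close(fd);
        return -1;
    }
    errno = saved_errno;
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s FILE\n", argv[0]);
        return EXIT_FAILURE;
    }
    int fd = open_as_real_user(argv[1]);
    if (fd < 0) {
        perror(argv[1]);
        return EXIT_FAILURE;
    }
    printf("opened %s as uid %ld\n", argv[1], (long)getuid());
    close(fd);
    return EXIT_SUCCESS;
}
```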