Date: Tue, 14 Oct 2014 10:34:34 +0000
From: Loïc Blot <loic.blot@unix-experience.fr>
To: freebsd-fs@freebsd.org
Subject: [PATCH] disable nfsd (NFSv4) nobody/nogroup check
Message-ID: <ccad8b9abb67b704e435accfc88513ea@mail.unix-experience.fr>
Hi,

since a recent problem (see thread NFSv4 nobody issue), I think we need a sysctl variable to disable the nobody and nogroup check in the kernel (default enabled).
This variable is useful in some situations, like TFTP over NFS, jails over NFS (some files like /var/db/locate.database need nobody user).

I added vfs.nfsd.disable_nobodycheck and vfs.nfsd.disable_nogroupcheck to modify NFSv4 nobody/nogroup check.

Thanks to Rick for telling me where the problem was.

Can you review the patch and add it to the kernel to avoid the previously mentioned issue?

Here is my patch:

--- sys/fs/nfsserver/nfs_nfsdsubs.c.orig=C2=A0=C2=A0 =C2=A0= 2014-10-14 12:03:50.163311506 +0200=0A +++ sys/fs/nfsserver/nfs_nfsdsubs.= c=C2=A0=C2=A0 =C2=A02014-10-14 12:06:29.793304755 +0200=0A @@ -62,9 +62,1= 8 @@=0A =C2=A0SYSCTL_DECL(_vfs_nfsd);=0A =C2=A0=0A =C2=A0static int=C2=A0= =C2=A0 =C2=A0disable_checkutf8 =3D 0;=0A +static int=C2=A0=C2=A0 =C2=A0di= sable_nobodycheck =3D 0;=0A +static int=C2=A0=C2=A0 =C2=A0disable_nogroup= check =3D 0;=0A =C2=A0SYSCTL_INT(_vfs_nfsd, OID_AUTO, disable_checkutf8, = CTLFLAG_RW,=0A =C2=A0=C2=A0=C2=A0=C2=A0 &disable_checkutf8, 0,=0A =C2=A0= =C2=A0=C2=A0=C2=A0 "Disable the NFSv4 check for a UTF8 compliant name");= =0A +SYSCTL_INT(_vfs_nfsd, OID_AUTO, disable_nobodycheck, CTLFLAG_RW,=0A = +=C2=A0=C2=A0=C2=A0 &disable_nobodycheck, 0,=0A +=C2=A0=C2=A0=C2=A0 "Disa= ble the NFSv4 check when setting user nobody as owner");=0A +SYSCTL_INT(_= vfs_nfsd, OID_AUTO, disable_nogroupcheck, CTLFLAG_RW,=0A +=C2=A0=C2=A0=C2= =A0 &disable_nogroupcheck, 0,=0A +=C2=A0=C2=A0=C2=A0 "Disable the NFSv4 c= heck when setting group nogroup as owner");=0A +=0A =C2=A0=0A =C2=A0stati= c char nfsrv_hexdigit(char, int *);=0A =C2=A0=0A 
@@ -1543,8 +1552,8 @@=0A= =C2=A0=C2=A0=C2=A0 =C2=A0 */=0A =C2=A0=C2=A0=C2=A0 =C2=A0if (NFSVNO_NOTS= ETUID(nvap) && NFSVNO_NOTSETGID(nvap))=0A =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0= =C2=A0 =C2=A0goto out;=0A -=C2=A0=C2=A0 =C2=A0if ((NFSVNO_ISSETUID(nvap) = && nvap->na_uid =3D=3D nfsrv_defaultuid)=0A -=C2=A0=C2=A0 =C2=A0=C2=A0=C2= =A0=C2=A0 || (NFSVNO_ISSETGID(nvap) && nvap->na_gid =3D=3D nfsrv_defaultg= id)) {=0A +=C2=A0=C2=A0 =C2=A0if ((NFSVNO_ISSETUID(nvap) && nvap->na_uid = =3D=3D nfsrv_defaultuid && disable_nobodycheck =3D=3D 0)=0A +=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0 || (NFSVNO_ISSETGID(nvap) && nvap->na_gid =3D= =3D nfsrv_defaultgid && disable_nogroupcheck =3D=3D 0)) {=0A =C2=A0=C2=A0= =C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0error =3D NFSERR_BADOWNER;=0A =C2=A0=C2= =A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0goto out;=0A =C2=A0=C2=A0=C2=A0 =C2=A0= }=0A

Regards,

Loïc Blot,
UNIX Systems, Network and Security Engineer
http://www.unix-experience.fr
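
Review bot: In the first hunk (@@ -62,9 +62,18 @@), the two new SYSCTL_INT description strings name the check being disabled but not what changes for the caller: per the second hunk, the server stops returning NFSERR_BADOWNER when the uid or gid being set equals nfsrv_defaultuid or nfsrv_defaultgid. Suggest saying that in the descriptions and documenting both knobs wherever disable_checkutf8 is documented. The lone added "+" line in front of the existing blank context line leaves two consecutive blank lines ahead of the nfsrv_hexdigit prototype and can be dropped.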
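
Review bot: In the second hunk (@@ -1543,8 +1552,8 @@), the rewritten condition accepts any request whose na_uid equals nfsrv_defaultuid once disable_nobodycheck is non-zero, so the code cannot tell a client that explicitly asked for nobody from one whose owner ended up as nfsrv_defaultuid for some other reason. If that value is also the fallback for an owner name that failed to map (not visible in this hunk), the request would succeed with the wrong owner instead of returning NFSERR_BADOWNER; please confirm and add a comment above the condition stating which case is intended. The two knobs are tested independently, so a request that sets both nobody and nogroup still fails unless both sysctls are set, which is worth stating in the descriptions. Both added lines also run past 80 columns and should be wrapped.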