From owner-freebsd-bugs Thu Nov 4 13: 1:20 1999 Delivered-To: freebsd-bugs@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id F0F9F1513D for ; Thu, 4 Nov 1999 13:01:16 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id NAA64408; Thu, 4 Nov 1999 13:00:01 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: from galileo.math.uic.edu (galileo.math.uic.edu [131.193.179.162]) by hub.freebsd.org (Postfix) with SMTP id 552C415142 for ; Thu, 4 Nov 1999 12:57:28 -0800 (PST) (envelope-from vladimir@math.uic.edu) Received: (qmail 38653 invoked by uid 31415); 4 Nov 1999 20:56:36 -0000 Message-Id: <19991104205636.38652.qmail@galileo.math.uic.edu> Date: 4 Nov 1999 20:56:36 -0000 From: vladimir@math.uic.edu Reply-To: vladimir@math.uic.edu To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.2 Subject: kern/14712: problems with access bits on NFS mounted directories, nfs vers 2 Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 14712 >Category: kern >Synopsis: root has access to NFS mounted directories with maproot=nobody >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Nov 4 13:00:01 PST 1999 >Closed-Date: >Last-Modified: >Originator: Vladimir V. Egorin >Release: FreeBSD 3.3-STABLE i386 >Organization: University of Illinois at Chicago, Department of Mathematics >Environment: NFS server running FreeBSD 3.3-STABLE. NFS client running Solaris 7 (the same problem is reproducible on linux machines). >Description: Root on a client is allowed to list the directory contents, even if the mode of the directory is 711. Directory is NFS-mounted using NFS vers.2. >How-To-Repeat: galileo: BSD NFS server galois: NFS client (solaris 7) On galileo: $ ls -ld /export/4/magma drwx--x--x 7 magma math 512 Nov 1 15:36 /export/4/magma/ On galois: # mount -o vers=2 galileo:/export/4 /mnt # ls /mnt/magma LAB_HOME/ Magma2.3/ Magma2.6/ public_html@ Magma2.2/ Magma2.4/ Mailbox # umount /mnt # mount -o vers=3 galileo:/export/4 /mnt # ls /mnt/magma /mnt/magma: Permission denied NFS version 3 mount produces expected results. With NFS v.2 root is allowed to access directory. >Fix: Don't know. I also have 2 linux clients mounting directories from the same server. root on one of them has access to restricted directories, on the other it has no access (kernels have different versions). I'll be happy to provide tcpdump output of NFS packets and any other additional informations. >Release-Note: >Audit-Trail: >Unformatted: Vladimir V. Egorin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message