From owner-freebsd-arch@FreeBSD.ORG Fri May 9 10:32:21 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2380B37B401; Fri, 9 May 2003 10:32:21 -0700 (PDT) Received: from lothlorien.nfbcal.org (ns.NFBCAL.ORG [157.22.230.125]) by mx1.FreeBSD.org (Postfix) with ESMTP id 698CD43F75; Fri, 9 May 2003 10:32:20 -0700 (PDT) (envelope-from buhrow@lothlorien.nfbcal.org) Received: (from buhrow@localhost) by lothlorien.nfbcal.org (8.11.6p2/8.8.4.nfbcal.org) id h49HW9x11035; Fri, 9 May 2003 10:32:09 -0700 (PDT) Message-Id: <200305091732.h49HW9x11035@lothlorien.nfbcal.org> From: buhrow@lothlorien.nfbcal.org (Brian Buhrow) Date: Fri, 9 May 2003 10:32:09 -0700 In-Reply-To: Bruce Evans "Re: Access times on executables (kern/25777)" (May 9, 5:23pm) X-Mailer: Mail User's Shell (7.2.6 beta(4.pl1)+dynamic 20000103) To: Bruce Evans , Kirk McKusick cc: arch@FreeBSD.org cc: buhrow@lothlorien.nfbcal.org cc: Jens Schweikhardt Subject: Re: Access times on executables (kern/25777) X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 May 2003 17:32:21 -0000 I hope you forgive my naive question, but I fail to understand how the NFS case can fail under any circumstance. If a user tries to execute an nfs-mounted binary which is not readable by him, doesn't the system "read" the binary as the user root in order to execute the program, assuming the proper execute bit is set? And, once that is done, wouldn't the system continue to read (page) that file as root? If that doesn't work, then I would assume that the system would fail to execute the program at all and fail with a permission denied error. In other words, when a user executes a remote file which has execute permission set, but not read permission set, whose credentials does the system use to read the file? And, wouldn't those credentials work for the duration of the program's execution, assuming you're not running Kerberized NFS or AFS? -Brian