From owner-freebsd-fs@freebsd.org Thu Feb 27 23:11:33 2020 Return-Path: Delivered-To: freebsd-fs@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3956C2528E9 for ; Thu, 27 Feb 2020 23:11:33 +0000 (UTC) (envelope-from alan@peak.org) Received: from filter05.peak.org (filter05.peak.org [69.59.194.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client CN "*.redcondor.net", Issuer "Go Daddy Secure Certificate Authority - G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48T7hf0kmbz4Hry for ; Thu, 27 Feb 2020 23:11:29 +0000 (UTC) (envelope-from alan@peak.org) Received: from zmail-mta02.peak.org ([207.55.16.112]) by filter05.peak.org ({27dbf508-291b-4a6b-93f5-d568f05dc56a}) via TCP (outbound) with ESMTPS id 20200227231124796_0000 for ; Thu, 27 Feb 2020 15:11:24 -0800 X-RC-FROM: X-RC-RCPT: Received: from localhost (localhost [127.0.0.1]) by zmail-mta02.peak.org (Postfix) with ESMTP id EB6E34C4ED for ; Thu, 27 Feb 2020 15:11:18 -0800 (PST) Received: from zmail-mta02.peak.org ([127.0.0.1]) by localhost (zmail-mta02.peak.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id cnKO_QK8sH5T for ; Thu, 27 Feb 2020 15:11:18 -0800 (PST) Received: from mailproxy-lb-05.peak.org (mailproxy-lb-05.peak.org [207.55.17.95]) by zmail-mta02.peak.org (Postfix) with ESMTP id D97F14C4E9 for ; Thu, 27 Feb 2020 15:11:18 -0800 (PST) Subject: Re: Linux could write to read only files on FreeBSD NFS server To: freebsd-fs@freebsd.org References: <707243CD-C67E-4DAD-AC5A-68EC11CFFDFD@lysator.liu.se> <6EC06026-DA28-4CAC-8D56-5C7856D4625E@lysator.liu.se> From: Alan Batie Message-ID: Date: Thu, 27 Feb 2020 15:10:54 -0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms060005040609020000000502" X-MAG-OUTBOUND: peakinternet.redcondor.net@207.55.16/22 X-Rspamd-Queue-Id: 48T7hf0kmbz4Hry X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=pass (policy=none) header.from=peak.org; spf=pass (mx1.freebsd.org: domain of alan@peak.org designates 69.59.194.81 as permitted sender) smtp.mailfrom=alan@peak.org X-Spamd-Result: default: False [-5.01 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; RCVD_COUNT_FIVE(0.00)[5]; FROM_HAS_DN(0.00)[]; SIGNED_SMIME(-2.00)[]; R_SPF_ALLOW(-0.20)[+mx]; TO_MATCH_ENVRCPT_ALL(0.00)[]; HAS_ATTACHMENT(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-fs@freebsd.org]; TO_DN_NONE(0.00)[]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_TLS_LAST(0.00)[]; DMARC_POLICY_ALLOW(-0.50)[peak.org,none]; IP_SCORE(-0.01)[country: US(-0.05)]; RCVD_IN_DNSWL_LOW(-0.10)[81.194.59.69.list.dnswl.org : 127.0.5.1]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:395796, ipnet:69.59.194.0/24, country:US]; MID_RHS_MATCH_FROM(0.00)[]; FROM_EQ_ENVFROM(0.00)[] X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Feb 2020 23:11:33 -0000 This is a cryptographically signed message in MIME format. --------------ms060005040609020000000502 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 2/27/20 2:58 PM, Luoqi Chen wrote: > One more piece of information that might help: this behavior started > somewhere between centos 5 and 6, kernel 2.6.18 and 2.6.32, i.e., the s= ame > script would fail on 2.6.18. Timing wise I believe it coincided with th= e > introduction of nfsv4. >=20 > Even if this is a linux bug, given its dominant position, we don't have= > much of a choice but to try to be compatible. Does anyone have say acce= ss > to a netapp and see how it behaves? Is this what you mean? [101] $ df . Filesystem 1K-blocks Used Available Use% Mounted on filer01-cvo.peak.org:/vol/admin 167772160 73704064 94068096 44% /filer01/cvo-admin= [102] $ rm -f x [103] $ touch x [104] $ chmod 000 x [105] $ ls -l x ----------. 1 alan wheel 0 Feb 27 15:01 x [106] $ echo foo > x -bash: x: Permission denied [107] $ chmod 600 x [108] $ cat x [109] $ cat /etc/redhat-release CentOS release 6.10 (Final) This works the same way on a truenas server: [122] $ rm x [123] $ df . Filesystem 1K-blocks Used Available Use% Mounted on tnas01-cvo.fs10g.peak.org:/mnt/zdata/nfs/admin 78257431296 54539008 78202892288 1% /tnas01-cvo/ad= min [124] $ touch x [125] $ chmod 000 x [126] $ ls -l x ----------. 1 alan wheel 0 Feb 27 15:05 x [127] $ echo foo > x -bash: x: Permission denied [128] $ chmod 600 x [129] $ cat x [130] $ However it also does the same on a native FreeBSD 11 server: [116] $ uname -a FreeBSD zbackups02.peak.org 11.3-RELEASE-p3 FreeBSD 11.3-RELEASE-p3 #0: Mon Aug 19 21:08:43 UTC 2019 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64 [105] $ cat /etc/redhat-release CentOS release 6.10 (Final) [106] $ df . Filesystem 1K-blocks Used Available Use% Mounted on zbackups02.peak.org:/zbackups/zmail03-admin 5039303296 91682304 4947620992 2% /zbackups [107] $ touch x [108] $ chmod 0 x [109] $ ls -l x ----------. 1 alan root 0 Feb 27 15:08 x [110] $ echo foo > x -bash: x: Permission denied [111] $ chmod 600 x [112] $ cat x --------------ms060005040609020000000502 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC C2swggTgMIIDyKADAgECAhBUdCKrz7BUVHpHGYaNdgQcMA0GCSqGSIb3DQEBCwUAMIGNMQsw CQYDVQQGEwJJVDEQMA4GA1UECAwHQmVyZ2FtbzEZMBcGA1UEBwwQUG9udGUgU2FuIFBpZXRy bzEjMCEGA1UECgwaQWN0YWxpcyBTLnAuQS4vMDMzNTg1MjA5NjcxLDAqBgNVBAMMI0FjdGFs aXMgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIENBIEcyMB4XDTE5MTIxMTE5MDcxNloXDTIwMTIx MTE5MDcxNlowGDEWMBQGA1UEAwwNYWxhbkBwZWFrLm9yZzCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBAJ1Gw0aKu1wno1Vb1MKlI+soIv5Ph03B7gUcg350uVwjm527faMnnV1D TZ415jn4Q5MHjIS5xjFUVJwM0DGOm+aNr0tFPOEL8Y8t2w5KCs7D4ikYderuv57WTwMgjDDY mOI9cUqs+npoFBcFTzx+RunErd8d22EEq61H7Ypyi+ltb4rZweE7KnaS5kgRovJXg8ii90ze dytd96JlTx8+oripPBaG+6RTlZxrQusbvSZpwjEv8xYa3Eh45Z2tBc1xcHNzvaDhprP01OA3 Yx4lIpSxIcAD23vtgjGhU9zycLqbutVpfaLrq3EwzGA7d6Xx97jsrXpCSHYd0TX2OkQKyPcC AwEAAaOCAa4wggGqMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUa/KNnmjBJQQfUTRX9hZc lOpNaRowfgYIKwYBBQUHAQEEcjBwMDsGCCsGAQUFBzAChi9odHRwOi8vY2FjZXJ0LmFjdGFs aXMuaXQvY2VydHMvYWN0YWxpcy1hdXRjbGlnMjAxBggrBgEFBQcwAYYlaHR0cDovL29jc3Aw OS5hY3RhbGlzLml0L1ZBL0FVVEhDTC1HMjAYBgNVHREEETAPgQ1hbGFuQHBlYWsub3JnMEcG A1UdIARAMD4wPAYGK4EfARgBMDIwMAYIKwYBBQUHAgEWJGh0dHBzOi8vd3d3LmFjdGFsaXMu aXQvYXJlYS1kb3dubG9hZDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwSAYDVR0f BEEwPzA9oDugOYY3aHR0cDovL2NybDA5LmFjdGFsaXMuaXQvUmVwb3NpdG9yeS9BVVRIQ0wt RzIvZ2V0TGFzdENSTDAdBgNVHQ4EFgQU4WAWRmEM5pxYuaRqT1VOZP+87GwwDgYDVR0PAQH/ BAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQAFrqbTZz6FiybHjpkR8a/eVtKR6ZTBnFE4f73m 0WC6mqryp4UKkTGl3Id/M1s54aH5Qof+x08Jlb7BgOh1VkjJNIPLWDY6qdZj/idf7DcwGMWN vXevh2QsMjJahnWOuedx+VPJybHfSLnc0iO6xXBrgbbNX6BdTidWbcaT/skBfBygtCy9KVm/ +5CR5NqVDxpmgrWlJsUkYMXaO0jvbCcEvY9LQ9nyMPPK/ttQU9XNNsarBC8cKcX95iL7rgTw AQ1r39pDjyZLC1+bMZqjUleJbpRiiBv6iXb4rFVkXg1R5LFOCX5n1ZtKk8loEFptGtaF+LCw lTtITblJ2dlelQZ3MIIGgzCCBGugAwIBAgIQT94QS+2VW96LrWWHzEFe4zANBgkqhkiG9w0B AQsFADBrMQswCQYDVQQGEwJJVDEOMAwGA1UEBwwFTWlsYW4xIzAhBgNVBAoMGkFjdGFsaXMg Uy5wLkEuLzAzMzU4NTIwOTY3MScwJQYDVQQDDB5BY3RhbGlzIEF1dGhlbnRpY2F0aW9uIFJv b3QgQ0EwHhcNMTkwOTIwMDcxMjA1WhcNMzAwOTIyMTEyMjAyWjCBjTELMAkGA1UEBhMCSVQx EDAOBgNVBAgMB0JlcmdhbW8xGTAXBgNVBAcMEFBvbnRlIFNhbiBQaWV0cm8xIzAhBgNVBAoM GkFjdGFsaXMgUy5wLkEuLzAzMzU4NTIwOTY3MSwwKgYDVQQDDCNBY3RhbGlzIENsaWVudCBB dXRoZW50aWNhdGlvbiBDQSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALdo c3rZPNQv+9xnyj3OlHz/iRnO2hpj8xlHkCdYKNwnRabAT6J0RA11A3ZkQiEZEw66B99ES7Ez v9IRBYmIwsr720lUptObF5L3yVzl3nzaittXwWsq+CQoDEci1cKkWF5SiO22+Np2Epu2HFxk w5nXMnZibrqnC6hUGsFogTDUUVRIuLlublwWYFhpqvDaCh//ucRgRW3+rTU1nBoT1XHkXrLs Cteefjoh+o01tNTWvGi4+3OyABidGPXuoYh7UbYX1u0sG1O8rO92t5zV7/Cr/Vza9EbySh6D rCqsY333sNxikKzFyBwebZv43t1xJyMVE/CRt7BLJOyHxd1Yq0sCAwEAAaOCAf4wggH6MA8G A1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbtifN7OHCUyQICNtAwQQYIKwYB BQUHAQEENTAzMDEGCCsGAQUFBzABhiVodHRwOi8vb2NzcDA1LmFjdGFsaXMuaXQvVkEvQVVU SC1ST09UMEUGA1UdIAQ+MDwwOgYEVR0gADAyMDAGCCsGAQUFBwIBFiRodHRwczovL3d3dy5h Y3RhbGlzLml0L2FyZWEtZG93bmxvYWQwJwYDVR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwME BggrBgEFBQcDCTCB4wYDVR0fBIHbMIHYMIGWoIGToIGQhoGNbGRhcDovL2xkYXAwNS5hY3Rh bGlzLml0L2NuJTNkQWN0YWxpcyUyMEF1dGhlbnRpY2F0aW9uJTIwUm9vdCUyMENBLG8lM2RB Y3RhbGlzJTIwUy5wLkEuJTJmMDMzNTg1MjA5NjcsYyUzZElUP2NlcnRpZmljYXRlUmV2b2Nh dGlvbkxpc3Q7YmluYXJ5MD2gO6A5hjdodHRwOi8vY3JsMDUuYWN0YWxpcy5pdC9SZXBvc2l0 b3J5L0FVVEgtUk9PVC9nZXRMYXN0Q1JMMB0GA1UdDgQWBBRr8o2eaMElBB9RNFf2FlyU6k1p GjAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAGBEuhmiq3L7DkGaRMG6FTm9 na4v3ya3KW+xkhFvSZgPinqeBi5qfV+dCL/BCuO/JMH9mgI5z57DnYiLQC3CIHnEtalcTfhG PleRgjRMuFQLAeYM5UAZiiPT+D8S7faZ0CZ3glRLw51QTGQJZSC+bN7mgoiBG/HmGahvLWjl kjNZ6o6AmVC3HIV1mGowamiYNEVDmen+SAdJW9uhwP+xFFZodZ0lYJQ6FHg+3pSDVx6YdM94 n9e9tlMnXKB+CY92WmPXbUOMCUjYUmTsxEu9lJEusHv+eehThrO6HiVrkHvEathHnkhphpYm SlG2KOIwfwtqJjJ9C+EMCOcDDa1ndhUTVFMMTAZmyWLRGg0U0O9hzwPA520ZL0Q0iZI7E6Kl OmaQZQX+LORMK4V6hVW9qzPZhgjw2SYux8N8vAWA/3d4ky+j1uVIzk0qRXJ0iD+B1uTyOjEx 15fmm+mowp7ycOhNUxi4d8ycqb+QkPBbZtM+zCi7eWa9hOI6I2V3mZ9bFKUqonWcqfZhvy2D EZhzJLYQ0Zw5ztrR7+fmDjuHFBG07eQcMBOUT46qL7J3ncneUooyCvpNTAlxSzE3xEc96lDd 4v38Lnl3BsuIxH9p/xb2LBGNxgR12QjFVj33wX25fyE47PUPTRt+2wBJv5oNsjatNjS4w20C CoLfVtGgVPUrMYIEFzCCBBMCAQEwgaIwgY0xCzAJBgNVBAYTAklUMRAwDgYDVQQIDAdCZXJn YW1vMRkwFwYDVQQHDBBQb250ZSBTYW4gUGlldHJvMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5B Li8wMzM1ODUyMDk2NzEsMCoGA1UEAwwjQWN0YWxpcyBDbGllbnQgQXV0aGVudGljYXRpb24g Q0EgRzICEFR0IqvPsFRUekcZho12BBwwDQYJYIZIAWUDBAIBBQCgggJFMBgGCSqGSIb3DQEJ AzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIwMDIyNzIzMTA1NVowLwYJKoZIhvcN AQkEMSIEIPWQqRk2cXGMMmXFumzdEETY/E3Q8Q0BwiozODlfcHOGMGwGCSqGSIb3DQEJDzFf MF0wCwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgIC AIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwgbMGCSsGAQQBgjcQ BDGBpTCBojCBjTELMAkGA1UEBhMCSVQxEDAOBgNVBAgMB0JlcmdhbW8xGTAXBgNVBAcMEFBv bnRlIFNhbiBQaWV0cm8xIzAhBgNVBAoMGkFjdGFsaXMgUy5wLkEuLzAzMzU4NTIwOTY3MSww KgYDVQQDDCNBY3RhbGlzIENsaWVudCBBdXRoZW50aWNhdGlvbiBDQSBHMgIQVHQiq8+wVFR6 RxmGjXYEHDCBtQYLKoZIhvcNAQkQAgsxgaWggaIwgY0xCzAJBgNVBAYTAklUMRAwDgYDVQQI DAdCZXJnYW1vMRkwFwYDVQQHDBBQb250ZSBTYW4gUGlldHJvMSMwIQYDVQQKDBpBY3RhbGlz IFMucC5BLi8wMzM1ODUyMDk2NzEsMCoGA1UEAwwjQWN0YWxpcyBDbGllbnQgQXV0aGVudGlj YXRpb24gQ0EgRzICEFR0IqvPsFRUekcZho12BBwwDQYJKoZIhvcNAQEBBQAEggEAY914fxzK +iDZj80Z/rRB+/qheo+o++keO+VC2GJ4/91CSI79xzW0HazWNA+wsFsxKzw4+YtKJP4UP39q s3Bdg4tGCuep9C5G+vJup0yafZC/Q2Zev790cBK76/oHHFU6I6OUBVf16FUpHbff0C77Vuly HCeUz1fNjplZMffUw5JjaJRjcW8cqV/hnZ0XcqIAzsM9961e4j7eVp5mxW3TWqPSoRAIx3DT JrQ768boGe5RZIhu02NgNsia/E8NAoXeAp6jfuHBDcqhLf8830IOKF6pNFS/BuCF9/G4qMw3 5izcOZpaqdjuldi5Q+NAKtUWXHhD0Cz0PUKnaBihhnBlSgAAAAAAAA== --------------ms060005040609020000000502--