Date: Sun, 09 Jul 2017 13:31:11 -0700
From: Cy Schubert <Cy.Schubert@komquats.com>
To: Rick Macklem <rmacklem@uoguelph.ca>
Cc: "freebsd-current@freebsd.org" <freebsd-current@freebsd.org>, "rc@freebsd.org" <rc@freebsd.org>
Subject: Re: small patch for /etc/rc.d/nfsd, bugfix or POLA violation?
Message-ID: <201707092031.v69KVBSn045623@slippy.cwsent.com>
In-Reply-To: Message from Rick Macklem <rmacklem@uoguelph.ca> of "Sun, 09 Jul 2017 19:57:22 -0000." <YTXPR01MB0189F5614497D4FA96A7579ADDA80@YTXPR01MB0189.CANPRD01.PROD.OUTLOOK.COM>
In message <YTXPR01MB0189F5614497D4FA96A7579ADDA80@YTXPR01MB0189.CANPRD01.PROD.OUTLOOK.COM>, Rick Macklem writes:
> Hi,
>
> The attached one line patch to /etc/rc.d/nfsd modifies the script so that it
> does not force the nfsuserd to be run when nfsv4_server_enable is set.
> (nfsuserd can still be enabled via nfsuserd_enable="YES" in /etc/rc.conf.)
>
> Here's why I think this patch might be appropriate...
> (a) - The original RFC for NFSv4 (RFC3530) essentially required Owners and
>       Owner_groups to be specified as <user>@<domain> and this required
>       the nfsuserd daemon to be running.
> (b) - RFC7530, which replaces RFC3530, allows an Owner/Owner_group string to be
>       the uid/gid number in a string when using AUTH_SYS. This simplifies configuration
>       for an all AUTH_SYS/POSIX environment (most NFS uses, I suspect?).
>
> To make the server do (b), two things need to be done:
> 1 - set vfs.nfsd.enable_stringtouid=1
> 2 - set vfs.nfsd.enable_uidtostring=1 (for head, I don't know if it will be MFC'd?)
>     OR
>     - never run nfsuserd after booting (killing it off after it has been running is not
>       sufficient)
>
> Given the above, it would seem that /etc/rc.d/nfsd should not force running of
> the nfsuserd daemon, due to changes in the protocol.
>
> However, this will result in a POLA violation, in that after the patch, nfsuserd won't
> start when booting, unless nfsuserd_enable="YES" is added to /etc/rc.conf.
>
> So, what do people think about this patch?
> rick

How about a warning message + an UPDATING entry + no MFC? And, relnotes = yes to say we now support RFC7530 in 12.0?

--
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX: <cy@FreeBSD.org> Web: http://www.FreeBSD.org

The need of the many outweighs the greed of the few.
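The configuration cases described in the quoted message, as an added example that is not part of the original thread or of the patch: a POSIX sh check that reads rc.conf and sysctl.conf text and reports which id-mapping case a host falls into with the old and with the patched /etc/rc.d/nfsd. The function names, mode labels and sample files are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not part of the patch. Classifies a host's NFSv4 id mapping
# from rc.conf and sysctl.conf text, before and after the rc.d/nfsd change.

# Last value assigned to key $2 in file $1, quotes stripped.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Same truthy values rc.subr's checkyesno accepts.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# $2 = old: nfsv4_server_enable forces nfsuserd; $2 = patched: it does not.
nfsuserd_starts() {
    is_yes "$(conf_get "$1" nfsuserd_enable)" && return 0
    [ "$2" = old ] && is_yes "$(conf_get "$1" nfsv4_server_enable)"
}

# Usage: idmap_mode RC_CONF SYSCTL_CONF old|patched
idmap_mode() {
    is_yes "$(conf_get "$1" nfsv4_server_enable)" || { echo nfsv4-off; return 0; }
    s2u=$(conf_get "$2" vfs.nfsd.enable_stringtouid)
    u2s=$(conf_get "$2" vfs.nfsd.enable_uidtostring)
    if nfsuserd_starts "$1" "$3"; then daemon=yes; else daemon=no; fi
    if [ "$s2u" = 1 ] && { [ "$u2s" = 1 ] || [ "$daemon" = no ]; }; then
        echo numeric-ids    # case (b): uid/gid numbers as strings
    elif [ "$daemon" = yes ]; then
        echo nfsuserd       # case (a): <user>@<domain> via the daemon
    else
        echo unmapped       # NFSv4 on, no daemon at boot, (b) not enabled
    fi
}

# Constructed sample: NFSv4 server that relied on the implicit nfsuserd start.
tmp=$(mktemp -d)
printf 'nfs_server_enable="YES"\nnfsv4_server_enable="YES"\n' > "$tmp/rc.conf"
: > "$tmp/sysctl.conf"
echo "old:     $(idmap_mode "$tmp/rc.conf" "$tmp/sysctl.conf" old)"
echo "patched: $(idmap_mode "$tmp/rc.conf" "$tmp/sysctl.conf" patched)"
rm -rf "$tmp"
```

A host that reports nfsuserd under old and unmapped under patched is the one the POLA concern is about: after the change it needs nfsuserd_enable="YES" in /etc/rc.conf or the sysctl settings for case (b).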