From: Cy Schubert
To: Rick Macklem
cc: "freebsd-current@freebsd.org", "rc@freebsd.org"
Subject: Re: small patch for /etc/rc.d/nfsd, bugfix or POLA violation?
In-Reply-To: Message from Rick Macklem of "Sun, 09 Jul 2017 19:57:22 -0000."
Date: Sun, 09 Jul 2017 13:31:11 -0700

In message , Rick Macklem writes:
> Hi,
>
> The attached one line patch to /etc/rc.d/nfsd modifies the script so that it
> does not force the nfsuserd to be run when nfsv4_server_enable is set.
> (nfsuserd can still be enabled via nfsuserd_enable="YES" in /etc/rc.conf.)
>
> Here's why I think this patch might be appropriate...
> (a) - The original RFC for NFSv4 (RFC3530) essentially required Owners and
> Owner_groups to be specified as @ and this required
> the nfsuserd daemon to be running.
> (b) - RFC7530, which replaces RFC3530, allows an Owner/Owner_group string to be
> the uid/gid number in a string when using AUTH_SYS. This simplifies configuration
> for an all AUTH_SYS/POSIX environment (most NFS uses, I suspect?).
>
> To make the server do (b), two things need to be done:
> 1 - set vfs.nfsd.enable_stringtouid=1
> 2 - set vfs.nfsd.enable_uidtostring=1 (for head, I don't know if it will be MFC'd?)
> OR
> - never run nfsuserd after booting (killing it off after it has been running is not
> sufficient)
>
> Given the above, it would seem that /etc/rc.d/nfsd should not force running of
> the nfsuserd daemon, due to changes in the protocol.
>
> However, this will result in a POLA violation, in that after the patch, nfsuserd won't
> start when booting, unless nfsuserd_enable="YES" is added to /etc/rc.conf.
>
> So, what do people think about this patch?
> rick

How about a warning message + an UPDATING entry + no MFC? And, relnotes = yes to say we now support RFC7530 in 12.0?

--
Cheers,
Cy Schubert
FreeBSD UNIX: Web: http://www.FreeBSD.org

The need of the many outweighs the greed of the few.
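
The configuration states described in the quoted message, and the case the proposed warning would cover, as an added example that is not part of this thread or of FreeBSD's rc scripts. The function names and mode labels are hypothetical, the sample configuration is constructed, and the decision logic follows the conditions as stated in the quoted message.

```shell
#!/bin/sh
# Added example: helper names and mode labels are hypothetical, not FreeBSD's.

# Print the last value assigned to key $1 in config text $2 (quotes stripped).
get_value() {
    printf '%s\n' "$2" |
        sed -n "s/^[[:space:]]*$1=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" |
        tail -n 1
}

# Truthy spellings as accepted by rc.subr's checkyesno.
is_yes() {
    case $1 in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# $1 = rc.conf text, $2 = sysctl.conf text. Prints one of:
#   not-applicable  NFSv4 server not enabled
#   numeric-ids     uid/gid numbers in Owner strings, case (b) in the message
#   nfsuserd        name mapping through the nfsuserd daemon, case (a)
#   warn            NFSv4 on, nfsuserd no longer forced, stringtouid unset
nfsv4_idmap_mode() {
    rc_text=$1
    sysctl_text=$2
    is_yes "$(get_value nfsv4_server_enable "$rc_text")" ||
        { echo not-applicable; return 0; }
    s2u=$(get_value vfs.nfsd.enable_stringtouid "$sysctl_text")
    u2s=$(get_value vfs.nfsd.enable_uidtostring "$sysctl_text")
    if is_yes "$(get_value nfsuserd_enable "$rc_text")"; then
        daemon=1
    else
        daemon=0
    fi
    # Condition 1 plus (condition 2 OR nfsuserd never started at boot).
    if [ "$s2u" = 1 ] && { [ "$u2s" = 1 ] || [ "$daemon" = 0 ]; }; then
        echo numeric-ids
    elif [ "$daemon" = 1 ]; then
        echo nfsuserd
    else
        echo warn
    fi
}

# Constructed sample: a pre-patch style rc.conf that relied on the forced start.
SAMPLE_RC='nfs_server_enable="YES"
nfsv4_server_enable="YES"'
SAMPLE_SYSCTL='# no vfs.nfsd.* settings'
echo "mode after patch: $(nfsv4_idmap_mode "$SAMPLE_RC" "$SAMPLE_SYSCTL")"
```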