From owner-freebsd-fs@freebsd.org Thu Feb 27 23:31:26 2020 Return-Path: Delivered-To: freebsd-fs@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 07DE1253149 for ; Thu, 27 Feb 2020 23:31:26 +0000 (UTC) (envelope-from luoqi.chen@gmail.com) Received: from mail-oi1-x243.google.com (mail-oi1-x243.google.com [IPv6:2607:f8b0:4864:20::243]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48T87c3KVKz3PS9 for ; Thu, 27 Feb 2020 23:31:23 +0000 (UTC) (envelope-from luoqi.chen@gmail.com) Received: by mail-oi1-x243.google.com with SMTP id b18so1095965oie.2 for ; Thu, 27 Feb 2020 15:31:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=QyvokkXoz/9RMuZPzHKaCSvHRiMCBau0/ZiFJWYqKtE=; b=A/FzFOD+ZTgyxj/jN514JP4b1XWP8XQzsSjYqpUosSoHyJhTpkdAyAKtEOqPhzMgkc WxuR/Zu1RErSyPep3JCKrnl1Qb04WVhAMdw9FNbonXJ6KZ6tMuwph8szi4nQaRNt/1as +n6xzkrVtW49/tofHJ1kkvBxBGQTlQ1Fqaq3FHsySOR5iHSp8bFinWLPkZg1wVUc8qfB CJrCUUlJPWb4nmjHRNIiflo/kttw9eN9NNiU+m+JHIxf8vCqRRIjuzjChhg4C+lgUVVA zahSSeZE5SepdiPjjnhpVwSr8aI28JPd/GKE7JqjmbtLhgpXvvzOfEAj9WUbqNIFzRCa YtqA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=QyvokkXoz/9RMuZPzHKaCSvHRiMCBau0/ZiFJWYqKtE=; b=HL4rhFHCY2R7aNhs0lB64nXmgEoWqUw+Ep/s9HuYtft4AqjmybKu8sKDnHbsbu+idh RcLhs1sxpQWKjx7qoTs2FaxowcMzVnj1s4yIwFp13snKc2BzT4rom0e7Zwi1TFeoj3Mh /hT5o6cT7UQ3rAQyEWL0maZ8WeCvmEJs3vAH4pssXzRA/6z7s31I9DLNm/Vd/jwfKnkm MDJO0i4TFU5zJuh6MF0v7yLZoFZ5aFSKVveYttiUCUQnhjnd/Oc8c9wtQ8iW77x35F/0 fweTg/DqPumanv+vQRE7cloU6lcdr3b2aj64vk2Q6cZezqdKBt5BigkQ8DUxt1pzjX83 +/HQ== X-Gm-Message-State: APjAAAVe2TAidoIWZhRFbsUrOAkKh4YZfiGdhRJ/h9JvfYkBJCUTZxQK FeAF6fDh31LBFvgQd2ueJxPuveFHVdRxhnNadEQ= X-Google-Smtp-Source: APXvYqxZmrSTMXDhh61GZdfFLDzml1ZLxh6m5NSGDwxyFnKahOnWlwJ/aXpmcCuULCv04e1hYeQbSwbv2xpLy9mRxj8= X-Received: by 2002:a05:6808:104:: with SMTP id b4mr1051624oie.169.1582846282001; Thu, 27 Feb 2020 15:31:22 -0800 (PST) MIME-Version: 1.0 References: <707243CD-C67E-4DAD-AC5A-68EC11CFFDFD@lysator.liu.se> <6EC06026-DA28-4CAC-8D56-5C7856D4625E@lysator.liu.se> In-Reply-To: From: Luoqi Chen Date: Thu, 27 Feb 2020 15:31:12 -0800 Message-ID: Subject: Re: Linux could write to read only files on FreeBSD NFS server To: Alan Batie Cc: freebsd-fs X-Rspamd-Queue-Id: 48T87c3KVKz3PS9 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=A/FzFOD+; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of luoqichen@gmail.com designates 2607:f8b0:4864:20::243 as permitted sender) smtp.mailfrom=luoqichen@gmail.com X-Spamd-Result: default: False [-3.00 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-fs@freebsd.org]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; IP_SCORE_FREEMAIL(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[3.4.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; IP_SCORE(0.00)[ip: (2.36), ipnet: 2607:f8b0::/32(-1.88), asn: 15169(-1.67), country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; TAGGED_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Feb 2020 23:31:26 -0000 On Thu, Feb 27, 2020 at 3:12 PM Alan Batie wrote: > On 2/27/20 2:58 PM, Luoqi Chen wrote: > > One more piece of information that might help: this behavior started > > somewhere between centos 5 and 6, kernel 2.6.18 and 2.6.32, i.e., the > same > > script would fail on 2.6.18. Timing wise I believe it coincided with the > > introduction of nfsv4. > > > > Even if this is a linux bug, given its dominant position, we don't have > > much of a choice but to try to be compatible. Does anyone have say access > > to a netapp and see how it behaves? > > Is this what you mean? > > [101] $ df . > Filesystem 1K-blocks Used Available Use% Mounted on > filer01-cvo.peak.org:/vol/admin > 167772160 73704064 94068096 44% /filer01/cvo-admin > [102] $ rm -f x > [103] $ touch x > [104] $ chmod 000 x > [105] $ ls -l x > ----------. 1 alan wheel 0 Feb 27 15:01 x > [106] $ echo foo > x > -bash: x: Permission denied > [107] $ chmod 600 x > [108] $ cat x > [109] $ cat /etc/redhat-release > CentOS release 6.10 (Final) > > > This works the same way on a truenas server: > > [122] $ rm x > [123] $ df . > Filesystem 1K-blocks Used Available Use% Mounted on > tnas01-cvo.fs10g.peak.org:/mnt/zdata/nfs/admin > 78257431296 54539008 78202892288 1% > /tnas01-cvo/admin > [124] $ touch x > [125] $ chmod 000 x > [126] $ ls -l x > ----------. 1 alan wheel 0 Feb 27 15:05 x > [127] $ echo foo > x > -bash: x: Permission denied > [128] $ chmod 600 x > [129] $ cat x > [130] $ > > However it also does the same on a native FreeBSD 11 server: > > [116] $ uname -a > FreeBSD zbackups02.peak.org 11.3-RELEASE-p3 FreeBSD 11.3-RELEASE-p3 #0: > Mon Aug 19 21:08:43 UTC 2019 > root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64 > > [105] $ cat /etc/redhat-release > CentOS release 6.10 (Final) > [106] $ df . > Filesystem 1K-blocks Used Available Use% Mounted on > zbackups02.peak.org:/zbackups/zmail03-admin > 5039303296 91682304 4947620992 2% /zbackups > [107] $ touch x > [108] $ chmod 0 x > [109] $ ls -l x > ----------. 1 alan root 0 Feb 27 15:08 x > [110] $ echo foo > x > -bash: x: Permission denied > [111] $ chmod 600 x > [112] $ cat x > Yes, except to leave the read bit(s) on. I can confirm that the write would fail on centos 6/7/8 if all bits are cleared.