Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 27 Feb 2020 15:10:54 -0800
From:      Alan Batie <alan@peak.org>
To:        freebsd-fs@freebsd.org
Subject:   Re: Linux could write to read only files on FreeBSD NFS server
Message-ID:  <d73aea39-c5c2-e8ce-3745-bfd49fd69664@peak.org>
In-Reply-To: <CAHJqQjsP-w9LAS4AV64Pu9Jmv0kVFodKdT_jLUcyop3sNVh_EA@mail.gmail.com>
References:  <CAHJqQjuEVpL4xV1dAf6scFqFfMNm1gY3jOaO64ZQJTCQi_qzcQ@mail.gmail.com> <707243CD-C67E-4DAD-AC5A-68EC11CFFDFD@lysator.liu.se> <6EC06026-DA28-4CAC-8D56-5C7856D4625E@lysator.liu.se> <YTBPR01MB3374713F573B548791A22F98DDEB0@YTBPR01MB3374.CANPRD01.PROD.OUTLOOK.COM> <CAHJqQjsP-w9LAS4AV64Pu9Jmv0kVFodKdT_jLUcyop3sNVh_EA@mail.gmail.com>
index | next in thread | previous in thread | raw e-mail 

[-- Attachment #1 --]
On 2/27/20 2:58 PM, Luoqi Chen wrote:
> One more piece of information that might help: this behavior started
> somewhere between centos 5 and 6, kernel 2.6.18 and 2.6.32, i.e., the same
> script would fail on 2.6.18. Timing wise I believe it coincided with the
> introduction of nfsv4.
> 
> Even if this is a linux bug, given its dominant position, we don't have
> much of a choice but to try to be compatible. Does anyone have say access
> to a netapp and see how it behaves?

Is this what you mean?

<admin03.peak.org> [101] $ df .
Filesystem           1K-blocks     Used Available Use% Mounted on
filer01-cvo.peak.org:/vol/admin
                     167772160 73704064  94068096  44% /filer01/cvo-admin
<admin03.peak.org> [102] $ rm -f x
<admin03.peak.org> [103] $ touch x
<admin03.peak.org> [104] $ chmod 000 x
<admin03.peak.org> [105] $ ls -l x
----------. 1 alan wheel 0 Feb 27 15:01 x
<admin03.peak.org> [106] $ echo foo > x
-bash: x: Permission denied
<admin03.peak.org> [107] $ chmod 600 x
<admin03.peak.org> [108] $ cat x
<admin03.peak.org> [109] $ cat /etc/redhat-release
CentOS release 6.10 (Final)


This works the same way on a truenas server:

<admin03.peak.org> [122] $ rm x
<admin03.peak.org> [123] $ df .
Filesystem             1K-blocks     Used   Available Use% Mounted on
tnas01-cvo.fs10g.peak.org:/mnt/zdata/nfs/admin
                     78257431296 54539008 78202892288   1% /tnas01-cvo/admin
<admin03.peak.org> [124] $ touch x
<admin03.peak.org> [125] $ chmod 000 x
<admin03.peak.org> [126] $ ls -l x
----------. 1 alan wheel 0 Feb 27 15:05 x
<admin03.peak.org> [127] $ echo foo > x
-bash: x: Permission denied
<admin03.peak.org> [128] $ chmod 600 x
<admin03.peak.org> [129] $ cat x
<admin03.peak.org> [130] $

However it also does the same on a native FreeBSD 11 server:

<zbackups02.peak.org> [116] $ uname -a
FreeBSD zbackups02.peak.org 11.3-RELEASE-p3 FreeBSD 11.3-RELEASE-p3 #0:
Mon Aug 19 21:08:43 UTC 2019
root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64

<zmail03-admin.peak.org> [105] $ cat /etc/redhat-release
CentOS release 6.10 (Final)
<zmail03-admin.peak.org> [106] $ df .
Filesystem            1K-blocks     Used  Available Use% Mounted on
zbackups02.peak.org:/zbackups/zmail03-admin
                     5039303296 91682304 4947620992   2% /zbackups
<zmail03-admin.peak.org> [107] $ touch x
<zmail03-admin.peak.org> [108] $ chmod 0 x
<zmail03-admin.peak.org> [109] $ ls -l x
----------. 1 alan root 0 Feb 27 15:08 x
<zmail03-admin.peak.org> [110] $ echo foo > x
-bash: x: Permission denied
<zmail03-admin.peak.org> [111] $ chmod 600 x
<zmail03-admin.peak.org> [112] $ cat x


[-- Attachment #2 --]
0	*H
010
	`He0	*H
k00ȠTt"ϰTTzGv0
	*H
010	UIT10UBergamo10UPonte San Pietro1#0!U
Actalis S.p.A./033585209671,0*U#Actalis Client Authentication CA G20
191211190716Z
201211190716Z010U
alan@peak.org0"0
	*H
0
FF\'U[¥#("OM~t\#}']CM59C1TT1捯KE<-J
)uO 0ؘ=qJzhO<~FĭaGrmo;*vHWȢLw+]eO><SkB&i1/Hx坭qpssᦳ7c%"!{1Spi}q0`;wzBHv5:D
00U00U#0kh%Q4W\Mi0~+r0p0;+0/http://cacert.actalis.it/certs/actalis-autclig201+0%http://ocsp09.actalis.it/VA/AUTHCL-G20U0
alan@peak.org0GU @0>0<+0200+$https://www.actalis.it/area-download0U%0++0HUA0?0=;97http://crl09.actalis.it/Repository/AUTHCL-G2/getLastCRL0U`FaXjOUNdl0U0
	*H
g>&ǎVґQ8`
1܇3[9BO	uVH4X6:c'_70ōwd,22ZuqSɱH#pk_]N'VmƓ|,)Yڕf&$`;Hl'KC0PS6ƫ/)"
kC&K_1RWnbvUd^
QN	~g՛JhZmօ;HMI^w00kOK[ދeA^0
	*H
0k10	UIT10UMilan1#0!U
Actalis S.p.A./033585209671'0%UActalis Authentication Root CA0
190920071205Z
300922112202Z010	UIT10UBergamo10UPonte San Pietro1#0!U
Actalis S.p.A./033585209671,0*U#Actalis Client Authentication CA G20"0
	*H
0
hsz</g=Δ|cG'X('EOtD
uvdB!DK3ITӛ\|ڊWk*$(G"¤X^Rv\dÙ2vbnTh0QTHnn\`Xi
`Em55q^
מ~:!5ּhs{Q,Sv\FJ*c}bmq'#𑷰K$XK00U00U#0R؈:ȟxf{8p60A+50301+0%http://ocsp05.actalis.it/VA/AUTH-ROOT0EU >0<0:U 0200+$https://www.actalis.it/area-download0'U% 0+++	0U00ldap://ldap05.actalis.it/cn%3dActalis%20Authentication%20Root%20CA,o%3dActalis%20S.p.A.%2f03358520967,c%3dIT?certificateRevocationList;binary0=;97http://crl05.actalis.it/Repository/AUTH-ROOT/getLastCRL0Ukh%Q4W\Mi0U0
	*H
`DrAD9/&)ooIz.j}_
$9ϞÝ@- yĵ\MF>W4LT@#?&wTKÝPLd	e l悈o-h3YꎀPuj0jh4ECHI[ۡVhu%`:x>ޔWtx׽S'\~	vZcmC	HRdK.{yS%k{jGHi&JQ(0j&2}
gvTSLfb
am/D4;:fe,L+zU3ن&.|wx/HM*Ert?:11חžpMSw̜[f>(yf:#ew[*ua-s$ќ9;0O/wR2
ML	qK17G=P.ywˈi,uV=}!8M~I
664m
VѠT+100010	UIT10UBergamo10UPonte San Pietro1#0!U
Actalis S.p.A./033585209671,0*U#Actalis Client Authentication CA G2Tt"ϰTTzGv0
	`HeE0	*H
	1	*H
0	*H
	1
200227231055Z0/	*H
	1" 6qq2eźlDM
*389_ps0l	*H
	1_0]0	`He*0	`He0
*H
0*H
0
*H
@0+0
*H
(0	+710010	UIT10UBergamo10UPonte San Pietro1#0!U
Actalis S.p.A./033585209671,0*U#Actalis Client Authentication CA G2Tt"ϰTTzGv0*H
	1010	UIT10UBergamo10UPonte San Pietro1#0!U
Actalis S.p.A./033585209671,0*U#Actalis Client Authentication CA G2Tt"ϰTTzGv0
	*H
cx ُAz;BbxBH54[1+<8J$?jp]F
.FnL}Cf^tpU:#WU).Vr'W͎Y1Òchcqo_᝝r=^>VfmZҡp&;Qdnc`6ȚO
~
ʡ-<B(^4T7,9ZعC@*\xC,=BhpeJ
home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d73aea39-c5c2-e8ce-3745-bfd49fd69664>