On Thu, 2025-01-02 at 11:08 +0200, Shaul Tamari wrote: > Hi, > > I have a question regarding NFS4.1 write delegation stateid permission checks. > > Is there a difference in how a server should check permissions for a > write delegation stateid that was given when the file was opened with: > 1. OPEN4_SHARE_ACCESS_BOTH > 2. OPEN4_SHARE_ACCESS_WRITE > (cc'ing Sagi since he was looking at this recently) A write delegation really should have been called a read-write delegation, because the server has to allow the client to do reads as well, if you hold one. The Linux kernel nfs server doesn't currently give out delegations to OPEN4_SHARE_ACCESS_WRITE-only opens for this reason. You have to request BOTH in order to get one, because a permission check for write is not sufficient to allow you to read as well. > Should the server check permissions for read access as well when > OPEN4_SHARE_ACCESS_WRITE is requested and DELEGATION_WRITE is granted > ? > Possibly? When trying to grant a write delegation, the server should probably also do an opportunistic permission check for read as well, and only grant the delegation if that passes. If it fails, you could still allow the open and just not grant the delegation. ISTR that Sagi may have tried this approach though and there was a problem with it? > or there is an assumption that the client will query the server for > read access permissions ? > The client should always do an ACCESS call to test permissions unless the user's access matches the ACE that gets sent along with the delegation. -- Jeff Layton <jlayton@xxxxxxxxxx>
