[PATCH] rpc.mountd: Turn off root_squash on pseudo roots, its not needed.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello,

It turns out the setting of NFSEXP_ROOTSQUASH option
on pseudo roots breaks v4 exports when the no_root_squash
is set on the 'real' export. For example,

The export:

    /home/user/dir  *(rw,no_root_squash)

the /home/user directory has the 0700 permission modes

Now from an v4 enabled client do the following mount
will fail with permission denied. 
   mount server:/home/user/dir /mnt

The reason being, the 'no_root_squash' option is only
being applied to the 'dir' part of the path. So then
root tries to lookup the 'user' part, its denied. 

Now turns out the NFSEXP_ROOTSQUASH option is not need
to be set on pseudo roots because one, they are marked
as read only and two only the export part of the path 
are exposed if by chance the actual pseudo root is 
mounted. For example:
    # mount server:/ /mnt
    # ls /mnt
     ./  ../  home/
    # ls /mnt/home
    ./  ../  user/

only the above directories would be shown and they would be 
read-only

steved.


Currently the default setting of a pseudo root is to have
NFSEXP_ROOTSQUASH enabled. This setting will cause the looking
up of real export to fail when have the no_root_squash set.

It turns the setting of NFSEXP_ROOTSQUASH is not needed on pseudo
roots for two reasons. 1) pseudo roots are marked as read-only so
they can not be written on. 2) pseudo roots only show exported
entries when they are mounted.

Signed-off-by: Steve Dickson <steved@xxxxxxxxxx>
---
 utils/mountd/v4root.c |    5 ++---
 1 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
index 7fd6af3..41b77eb 100644
--- a/utils/mountd/v4root.c
+++ b/utils/mountd/v4root.c
@@ -35,9 +35,8 @@ static nfs_export pseudo_root = {
 	.m_export = {
 		.e_hostname = "*",
 		.e_path = "/",
-		.e_flags = NFSEXP_READONLY | NFSEXP_ROOTSQUASH
-				| NFSEXP_NOSUBTREECHECK | NFSEXP_FSID
-				| NFSEXP_V4ROOT,
+		.e_flags = NFSEXP_READONLY | NFSEXP_NOSUBTREECHECK | 
+				NFSEXP_FSID | NFSEXP_V4ROOT,
 		.e_anonuid = 65534,
 		.e_anongid = 65534,
 		.e_squids = NULL,


--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux