Re: [PATCH] Honor the no_root_squash flag on pseudo roots.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 05/29/2012 11:00 AM, Trond Myklebust wrote:
> On Tue, 2012-05-29 at 09:07 -0400, Steve Dickson wrote:
>> If root squashing is turned off on a export that
>> has multiple directories, the parent directories
>> of the pseudo exports that's built, also needs to
>> have root squashing turned off.
>>
>> Signed-off-by: Steve Dickson <steved@xxxxxxxxxx>
>> ---
>>  utils/mountd/v4root.c |    9 ++++++++-
>>  1 files changed, 8 insertions(+), 1 deletions(-)
>>
>> diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
>> index 708eb61..ad8a3e7 100644
>> --- a/utils/mountd/v4root.c
>> +++ b/utils/mountd/v4root.c
>> @@ -92,7 +92,14 @@ v4root_create(char *path, nfs_export *export)
>>  	exp = export_create(&eep, 0);
>>  	if (exp == NULL)
>>  		return NULL;
>> -	xlog(D_CALL, "v4root_create: path '%s'", exp->m_export.e_path);
>> +	/*
>> +	 * Honor the no_root_squash flag 
>> +	 */
>> +	if ((curexp->e_flags & NFSEXP_ROOTSQUASH) == 0)
>> +		exp->m_export.e_flags &= ~NFSEXP_ROOTSQUASH;
>> +	xlog(D_CALL, "v4root_create: path '%s' flags 0x%x", 
>> +		exp->m_export.e_path, exp->m_export.e_flags);
>> +
>>  	return &exp->m_export;
>>  }
> 
> 
> As long as the user is authenticated, why do we care whether or not they
> are squashed to user 'nobody' for authorisation purposes? There
> shouldn't be any permission checks enforced on the pseudo-root, should
> there?
>
The access checks come during the lookup of the pseudo-root. 

For example
     /home/steved/work *(rw,no_root_squash)

This is the  export which causes mountd builds the pseudo-roots of 
     '/', '/home', and '/home/steved'

Now if the no_root_squash is not set on those pseudo-roots the
access bits returned by server will cause the lookup of
/home/steved/work to fail. 

steved.

--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux