On 05/29/2012 11:00 AM, Trond Myklebust wrote:
> On Tue, 2012-05-29 at 09:07 -0400, Steve Dickson wrote:
>> If root squashing is turned off on a export that
>> has multiple directories, the parent directories
>> of the pseudo exports that's built, also needs to
>> have root squashing turned off.
>>
>> Signed-off-by: Steve Dickson <steved@xxxxxxxxxx>
>> ---
>> utils/mountd/v4root.c | 9 ++++++++-
>> 1 files changed, 8 insertions(+), 1 deletions(-)
>>
>> diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
>> index 708eb61..ad8a3e7 100644
>> --- a/utils/mountd/v4root.c
>> +++ b/utils/mountd/v4root.c
>> @@ -92,7 +92,14 @@ v4root_create(char *path, nfs_export *export)
>> exp = export_create(&eep, 0);
>> if (exp == NULL)
>> return NULL;
>> - xlog(D_CALL, "v4root_create: path '%s'", exp->m_export.e_path);
>> + /*
>> + * Honor the no_root_squash flag
>> + */
>> + if ((curexp->e_flags & NFSEXP_ROOTSQUASH) == 0)
>> + exp->m_export.e_flags &= ~NFSEXP_ROOTSQUASH;
>> + xlog(D_CALL, "v4root_create: path '%s' flags 0x%x",
>> + exp->m_export.e_path, exp->m_export.e_flags);
>> +
>> return &exp->m_export;
>> }
>
>
> As long as the user is authenticated, why do we care whether or not they
> are squashed to user 'nobody' for authorisation purposes? There
> shouldn't be any permission checks enforced on the pseudo-root, should
> there?
>
The access checks come during the lookup of the pseudo-root.
For example
/home/steved/work *(rw,no_root_squash)
This is the export which causes mountd builds the pseudo-roots of
'/', '/home', and '/home/steved'
Now if the no_root_squash is not set on those pseudo-roots the
access bits returned by server will cause the lookup of
/home/steved/work to fail.
steved.
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
