Re: Inconsistency when mounting a directory that 'world' cannot access.

On Wed, 2012-10-03 at 11:13 -0400, J. Bruce Fields wrote:
> On Wed, Oct 03, 2012 at 01:46:29PM +1000, NeilBrown wrote:
> > On Tue, 2 Oct 2012 10:33:34 -0400 "J. Bruce Fields" <bfields@xxxxxxxxxxxx>
> > wrote:
> > 
> > > I guess you're right.  So it starts to sound more like: "you have a
> > > confusing setup.  Your export configuration says one thing, and your
> > > filesystem permissions say another.  Under NFSv3 the confusion didn't
> > > matter, but now it does--time to fix it."
> > > 
> > 
> > That's the best I could come to - I'm glad to have it confirmed.  Thanks!
> > 
> > It is unfortunate that Linux NFS uses an anon credential to mount when krb5
> > is in use, and uses 'root' when auth_sys is used (which might be anon if
> > "root_squash" is active, but might not).
> > I wonder if it would work to use auth_none for the mount-time lookup, just
> > for consistency..
> > 
> > Is the following appropriate?  Is there somewhere better to put this caveat?
> 
> Unfortunately, it's more complicated than this, as it depends on client
> implementation and configuration details.
> 
> Something like this would be more accurate but possibly too long:
> 
> 	Note that under NFSv2 and NFSv3, the mount path is traversed by
> 	mountd acting as root, but under NFSv4 the mount path is looked
> 	up using the client's credentials.  This means that, for
> 	example, if a client mounts using a krb5 credential that the
> 	server maps to an "anonymous" user, then the mount will only
> 	succeed if that directory and all its parents allow eXecute
> 	permissions.

So you're listing this as a "feature" rather than a bug? There should be
no reason to constrain the pseudofs to use the permission checks from
the underlying filesystem.

-- 
Trond Myklebust
Linux NFS client maintainer

NetApp
Trond.Myklebust@xxxxxxxxxx
www.netapp.com
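
The permission condition in the quoted note (the exported directory and all its parents must allow eXecute to the mapped user) can be checked on the server before clients hit it. This is an added example, not part of the original message or of nfs-utils; the function names are hypothetical, and it assumes the anonymous user is 65534 (the exports(5) default for anonuid/anongid) and that only classic mode bits apply.

```python
import os
import stat

ANON_ID = 65534  # assumption: exports(5) default for anonuid/anongid


def can_search(st, uid, gid):
    """Mode-bit search (x) check; ignores ACLs, supplementary groups, LSMs."""
    if uid == 0:
        return True  # unsquashed root bypasses directory search checks
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid == gid:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)


def blocking_components(export_path, uid=ANON_ID, gid=ANON_ID, start="/"):
    """Return each directory from start down to export_path (inclusive)
    that uid/gid cannot traverse, in lookup order."""
    path = os.path.realpath(export_path)
    start = os.path.realpath(start)
    if os.path.commonpath([path, start]) != start:
        raise ValueError("export_path is not below start")
    blocked = []
    current = start
    rel = os.path.relpath(path, start)
    parts = [] if rel == "." else rel.split(os.sep)
    for comp in [None] + parts:  # None stands for the start directory itself
        if comp is not None:
            current = os.path.join(current, comp)
        if not can_search(os.stat(current), uid, gid):
            blocked.append(current)
    return blocked


if __name__ == "__main__":
    import sys
    # Usage: script.py /path/to/export  (hypothetical invocation)
    for d in blocking_components(sys.argv[1]):
        print("not searchable by anon:", d)
```

An empty result means every component is searchable by that uid/gid according to mode bits alone; a directory that is mode 750 and owned by another user shows up as the blocking component.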