Re: Execute only permission issue with client

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Frank

On Wed, Jun 25, 2014 at 5:56 PM, Frank Filz <ffilzlnx@xxxxxxxxxxxxxx> wrote:
> Back a year ago or so, I ran the following test against Ganesha:
>
> http://www.tuxera.com/community/posix-test-suite/
>
> On NFS v4, one of the issues it tripped over was execute only files.
> Apparently the Linux v4 client doesn't make ACCESS calls in conjunction with
> an open system call, with the result that you can open an execute only file
> (per RFC 3530bis, the server is allowing such to allow clients to execute
> executables).

That information is outdated. A wireshark dump should show that recent
Linux kernels include an ACCESS operation as part of the open()
COMPOUND and that it uses that information to distinguish between
executable and read access permissions.

>
> We tripped over this issue again in some of our testing.
>
> One bit that I don't actually understand is how the kernel differentiates
> between bash (etc) issuing an open system call to load a script and vi
> trying to browse same script...
>
> I had done some testing executing shell scripts and such and saw some
> inconsistency. Now, trying things, I can't seem to run a bash script that is
> execute only (local, v3, or v4), but can run a compiled binary that is
> execute only (local, v3, and v4), so I'm not sure what the deal is...

The deal is that shell scripts require read permissions because the
shell needs to be able to open and read them.

[trondmy@leira ~]$ cat >script.sh
#!/bin/bash
#
echo "foo"
[trondmy@leira ~]$ chmod 0111 script.sh
[trondmy@leira ~]$ ./script.sh
/bin/bash: ./script.sh: Permission denied
[trondmy@leira ~]$ chmod 0555 script.sh
[trondmy@leira ~]$ ./script.sh
foo

-- 
Trond Myklebust

Linux NFS client maintainer, PrimaryData

trond.myklebust@xxxxxxxxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux