Hi Frank On Wed, Jun 25, 2014 at 5:56 PM, Frank Filz <ffilzlnx@xxxxxxxxxxxxxx> wrote: > Back a year ago or so, I ran the following test against Ganesha: > > http://www.tuxera.com/community/posix-test-suite/ > > On NFS v4, one of the issues it tripped over was execute only files. > Apparently the Linux v4 client doesn't make ACCESS calls in conjunction with > an open system call, with the result that you can open an execute only file > (per RFC 3530bis, the server is allowing such to allow clients to execute > executables). That information is outdated. A wireshark dump should show that recent Linux kernels include an ACCESS operation as part of the open() COMPOUND and that it uses that information to distinguish between executable and read access permissions. > > We tripped over this issue again in some of our testing. > > One bit that I don't actually understand is how the kernel differentiates > between bash (etc) issuing an open system call to load a script and vi > trying to browse same script... > > I had done some testing executing shell scripts and such and saw some > inconsistency. Now, trying things, I can't seem to run a bash script that is > execute only (local, v3, or v4), but can run a compiled binary that is > execute only (local, v3, and v4), so I'm not sure what the deal is... The deal is that shell scripts require read permissions because the shell needs to be able to open and read them. [trondmy@leira ~]$ cat >script.sh #!/bin/bash # echo "foo" [trondmy@leira ~]$ chmod 0111 script.sh [trondmy@leira ~]$ ./script.sh /bin/bash: ./script.sh: Permission denied [trondmy@leira ~]$ chmod 0555 script.sh [trondmy@leira ~]$ ./script.sh foo -- Trond Myklebust Linux NFS client maintainer, PrimaryData trond.myklebust@xxxxxxxxxxxxxxx -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
