> On Wed, Jun 25, 2014 at 5:56 PM, Frank Filz <ffilzlnx@xxxxxxxxxxxxxx>
> wrote:
> > Back a year ago or so, I ran the following test against Ganesha:
> >
> > http://www.tuxera.com/community/posix-test-suite/
> >
> > On NFS v4, one of the issues it tripped over was execute only files.
> > Apparently the Linux v4 client doesn't make ACCESS calls in
> > conjunction with an open system call, with the result that you can
> > open an execute only file (per RFC 3530bis, the server is allowing
> > such to allow clients to execute executables).
>
> That information is outdated. A wireshark dump should show that recent
> Linux kernels include an ACCESS operation as part of the open() COMPOUND
> and that it uses that information to distinguish between executable and read
> access permissions.

Oh, cool, do you know when that went in? I'll go look and see if I can find it...

> > We tripped over this issue again in some of our testing.
> >
> > One bit that I don't actually understand is how the kernel
> > differentiates between bash (etc) issuing an open system call to load
> > a script and vi trying to browse same script...
> >
> > I had done some testing executing shell scripts and such and saw some
> > inconsistency. Now, trying things, I can't seem to run a bash script
> > that is execute only (local, v3, or v4), but can run a compiled binary
> > that is execute only (local, v3, and v4), so I'm not sure what the deal is...
>
> The deal is that shell scripts require read permissions because the shell needs
> to be able to open and read them.

Ok, that does actually make sense. I could have sworn I used to be able to run execute only shell scripts from non-root user, but my memory has been known to be faulty.

> [trondmy@leira ~]$ cat >script.sh
> #!/bin/bash
> #
> echo "foo"
> [trondmy@leira ~]$ chmod 0111 script.sh
> [trondmy@leira ~]$ ./script.sh
> /bin/bash: ./script.sh: Permission denied
> [trondmy@leira ~]$ chmod 0555 script.sh
> [trondmy@leira ~]$ ./script.sh
> foo

Thanks

Frank