On Fri, Jun 1, 2018 at 3:50 PM, bfields@xxxxxxxxxxxx <bfields@xxxxxxxxxxxx> wrote: > On Fri, Jun 01, 2018 at 03:32:59PM +0200, Miklos Szeredi wrote: >> How do you define "safely"? >> >> Is it safe for root to do >> >> cp -a /nfs/remotedir /tmp/localdir >> >> ? >> >> That's essentially what an overlayfs mount with an NFS layer does with >> respect to access permissions: >> >> - remote files are not modifiable to anyone, unless server allows >> >> - remote files *readable to root* will provide access based on local DAC check. >> >> Does that need to be made clear in the docs? Surely. But it does NOT >> mean it's dangerous or that it's not useful with an arbitrary NFS >> server > > We should definitely have clear documentation, but despite that, in > practice lots of people *will* be surprised when permissions are > enforced differently after copy-up, and those surprises may well have > unpleasant implications. Permissions are enforced exactly the same before and after copy-up. That's one of the good points in doing the permission checks locally. That "cp -a /nfs/remotedir /tmp/localdir" example is almost exactly equivalent to: mount -t overlay -olowerdir=/nfs/remotedir,upperdir=/tmp/upper,... /tmp/localdir except the copy is delayed until modification. Thanks, Miklos -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
