Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!munnari.OZ.AU!spool.mu.edu!howland.reston.ans.net!newsfeed.internetmci.com!inet-nntp-gw-1.us.oracle.com!news.caldera.com!news.cc.utah.edu!park.uvsc.edu!usenet
From: Terry Lambert <terry@lambert.org>
Newsgroups: comp.unix.bsd.freebsd.misc,comp.unix.bsd.netbsd.misc
Subject: Re: NFS woes
Date: 13 Jan 1996 07:40:43 GMT
Organization: Utah Valley State College, Orem, Utah
Lines: 50
Message-ID: <4d7nls$etu@park.uvsc.edu>
References: <qyivihla5i.fsf@scotch.eua.ericsson.se>
NNTP-Posting-Host: hecate.artisoft.com
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:12484 comp.unix.bsd.netbsd.misc:1937

seb@erix.ericsson.se (Sebastian Strollo) wrote:
] [This problem probably exists on more OS:s than {Free,Net}BSD, but that
] is what I am using.]
]
] At our site we have our home directory mounted over nfs with the
] -maproot=nobody (a not too unusual way of having it(?)). But it seems
] that if a file that e.g. has permissions 0600 and owned by a user is in
] the cache root can read it? Below is an example (with my home
] directory NFS mounted).

I am permitted to create a file with such a mode as will preclude me
reopening it, yet continue to have it open as a result of the create.

NFS accounts for this by treating the open instance separately.

Remember that when an operation occurs that violates the modes on a
locally open file, the existing descriptor to the file constitutes
de facto state for the file. That is, access controls are associated
with the open instance, not with the on disk inode when checking is
performed.

Because NFS is stateless, it must make an exception to the allowed
semantic to prevent the statelessness from preventing the access. In
other words, it assumed that the access would be enforced by the
client and disabled it on the server.

This is a case of nfs file number vs. lookup enforcement at time of
open.

So either "don't do that" or "don't use NFS if you must do that". If
you "must do that and must use NFS"... well, quit yer bitchin'. 8-).

There are at least 6 or 8 similar "anomalies" based on the statelessness
of NFS and the inherent statefulness of some file system operations.
For instance, you can escape a chroot fairly easily (think about it).

Terry Lambert
terry@cs.weber.edu
---
Any opinions in this posting are my own and not those of my present
or previous employers.
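
The open-instance semantics described in the reply above, as an added example that is not part of the original post: a C program that creates a file with mode 0000, keeps reading and writing through the descriptor the create returned, and then tries to open the same path again, which fails with `EACCES` when run unprivileged. The names `open_instance_demo` and `struct open_result` and the `/tmp/openinst.XXXXXX` template are assumptions made for this illustration, and it exercises a local file system, not NFS.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Byte counts via the creating descriptor, errno of the reopen, inode mode. */
struct open_result { int wrote, read_back, reopen_errno; mode_t mode; };

/* Create a mode-0000 file, keep using the descriptor the create returned,
 * then open the same path again. Returns 0, or -1 if setup failed. */
int open_instance_demo(struct open_result *r)
{
    char dir[] = "/tmp/openinst.XXXXXX", path[64], buf[16];
    struct stat st;
    int fd, fd2;
    if (mkdtemp(dir) == NULL)       /* constructed, private scratch dir */
        return -1;
    snprintf(path, sizeof path, "%s/f", dir);
    /* Mode bits govern later opens; this descriptor is already O_RDWR. */
    if ((fd = open(path, O_CREAT | O_EXCL | O_RDWR, 0)) < 0) {
        rmdir(dir);
        return -1;
    }
    r->wrote = (int)write(fd, "secret", 6);
    lseek(fd, 0, SEEK_SET);
    r->read_back = (int)read(fd, buf, sizeof buf);
    r->mode = (fstat(fd, &st) == 0) ? (st.st_mode & 07777) : (mode_t)-1;
    /* A fresh open is checked against the inode: EACCES unless privileged. */
    fd2 = open(path, O_RDONLY);
    r->reopen_errno = (fd2 < 0) ? errno : 0;
    if (fd2 >= 0)
        close(fd2);
    close(fd);
    unlink(path);
    rmdir(dir);
    return 0;
}

int main(void)
{
    struct open_result r;
    if (open_instance_demo(&r) != 0)
        return 1;
    printf("wrote=%d read_back=%d mode=%04o reopen_errno=%d\n",
           r.wrote, r.read_back, (unsigned)r.mode, r.reopen_errno);
    return 0;
}
```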