[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [nfsv4] proposed slight change to ACCESS and wordsmithing changes for chapter 18 (thru the LINK operation)

To: nfsv4 at ietf.org
Subject: Re: [nfsv4] proposed slight change to ACCESS and wordsmithing changes for chapter 18 (thru the LINK operation)
From: "Mike Eisler" <mre-ietf at eisler.com>
Date: Mon, 7 Apr 2008 16:42:49 -0700 (PDT)
Delivered-to: ietfarch-nfsv4-web-archive at core3.amsl.com
Delivered-to: nfsv4 at core3.amsl.com
In-reply-to: <20080407230436.GJ11219 at fieldses.org>
List-archive: <http://www.ietf.org/pipermail/nfsv4>
List-help: <mailto:nfsv4-request@ietf.org?subject=help>
List-id: NFSv4 Working Group <nfsv4.ietf.org>
List-post: <mailto:nfsv4@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
References: <33002.198.95.226.230.1207605621.squirrel at webmail.eisler.com> <20080407230436.GJ11219 at fieldses.org>
Sender: nfsv4-bounces at ietf.org
User-agent: SquirrelMail/1.4.10a

> On Mon, Apr 07, 2008 at 03:00:21PM -0700, Mike Eisler wrote:
>> http://eisler.com/nfsv4-wg/2008-04-07-ch18_thru_link.html
>>
>> The slight change to ACCESS is require that servers only
>> look at the execute bits when determining if a user can execute
>> the file. The rationale is in the proposed changes.
>
> Seems sensible to me.  (And the path-searching example is interesting.
> Have any users actually stumbled across that kind of problem before?)

I have war stories. The ONTAP NFSv[34] server has always returned
ACCESSx_EXECUTE when uid zero was mapped to zero (i.e. unchanged).
This caused a spectacular problem with an NFS client once.

> Sure is a lot of text, though.

I'm open to suggestions to make it more concise. This is my 4th
major iteration and the 1st was like War & Peace (an apt
metaphor this type of interop issue).

> 	"If the client is sending ACCESS in order to determine if the
> 	user can read the file, the client SHOULD set ACCESS4_READ in
> 	the request's access field."
>
> Do we really need to say this here?

I believe so, because the point is that even though execute bits
allow READ and OPEN for read to succeed, ACCESS (ACCESS4_READ)
is not the way to find that out; ACCESS (ACCESS4_EXECUTE) is the
one true way.

> 	"If the server supports read permission bits, it MUST only check
> 	for read permissions in the mode, acl, and dacl attributes when
> 	it receives an ACCESS request with ACCESS4_READ set the access
> 	field. The server MUST NOT also examine execute permission bits
> 	when determining whether the reply will have ACCESS4_READ set in
> 	the access field or not."
>
> Does this need to be said here?

If you don't have said, then we are open to misinterpretations. E.g.

$ ls -l a.out
ls -l a.out
---x--x--x 1 mre mkgroup-l-d 16642 Mar 31 21:59 a.out

Now, we want

    test -x a.out

to succeed, and

    test -r a.out

to fail, correct?

With the proposed text, we allow programs like 'test' to rely completely
on access()/NFSv4.1 ACCESS to do the right thing, without having
to inspect permission bits.

_______________________________________________
nfsv4 mailing list
nfsv4 at ietf.org
https://www.ietf.org/mailman/listinfo/nfsv4

Follow-Ups:
- Re: [nfsv4] proposed slight change to ACCESS and wordsmithing changes for chapter 18 (thru the LINK operation)
  - From: Trond Myklebust

References:
- [nfsv4] proposed slight change to ACCESS and wordsmithing changes for chapter 18 (thru the LINK operation)
  - From: Mike Eisler
- Re: [nfsv4] proposed slight change to ACCESS and wordsmithing changes for chapter 18 (thru the LINK operation)
  - From: J. Bruce Fields

Prev by Date: Re: [nfsv4] proposed slight change to ACCESS and wordsmithing changes for chapter 18 (thru the LINK operation)
Next by Date: Re: [nfsv4] proposed slight change to ACCESS and wordsmithing changes for chapter 18 (thru the LINK operation)
Previous by thread: Re: [nfsv4] proposed slight change to ACCESS and wordsmithing changes for chapter 18 (thru the LINK operation)
Next by thread: Re: [nfsv4] proposed slight change to ACCESS and wordsmithing changes for chapter 18 (thru the LINK operation)
Index(es):
- Date
- Thread