From owner-freebsd-fs@freebsd.org Thu Feb 27 23:40:13 2020 Return-Path: Delivered-To: freebsd-fs@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5BD9C253429 for ; Thu, 27 Feb 2020 23:40:13 +0000 (UTC) (envelope-from alan@peak.org) Received: from filter05.peak.org (filter05.peak.org [69.59.194.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client CN "*.redcondor.net", Issuer "Go Daddy Secure Certificate Authority - G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48T8Km0fr7z4G8v for ; Thu, 27 Feb 2020 23:40:11 +0000 (UTC) (envelope-from alan@peak.org) Received: from zmail-mta02.peak.org ([207.55.16.112]) by filter05.peak.org ({27dbf508-291b-4a6b-93f5-d568f05dc56a}) via TCP (outbound) with ESMTPS id 20200227233945445_0000; Thu, 27 Feb 2020 15:39:45 -0800 X-RC-FROM: Received: from localhost (localhost [127.0.0.1]) by zmail-mta02.peak.org (Postfix) with ESMTP id 80B8D4C4D6; Thu, 27 Feb 2020 15:39:38 -0800 (PST) Received: from zmail-mta02.peak.org ([127.0.0.1]) by localhost (zmail-mta02.peak.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id CpLB07yCmYxT; Thu, 27 Feb 2020 15:39:38 -0800 (PST) Received: from mailproxy-lb-05.peak.org (mailproxy-lb-05.peak.org [207.55.17.95]) by zmail-mta02.peak.org (Postfix) with ESMTP id 667C94C4B2; Thu, 27 Feb 2020 15:39:38 -0800 (PST) Subject: Re: Linux could write to read only files on FreeBSD NFS server To: Luoqi Chen Cc: freebsd-fs References: <707243CD-C67E-4DAD-AC5A-68EC11CFFDFD@lysator.liu.se> <6EC06026-DA28-4CAC-8D56-5C7856D4625E@lysator.liu.se> From: Alan Batie Message-ID: <751dcbf4-9cd6-0d6f-a9d9-38615966cf9d@peak.org> Date: Thu, 27 Feb 2020 15:39:37 -0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms060509080102040905050203" X-MAG-OUTBOUND: peakinternet.redcondor.net@207.55.16/22 X-Rspamd-Queue-Id: 48T8Km0fr7z4G8v X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=pass (policy=none) header.from=peak.org; spf=pass (mx1.freebsd.org: domain of alan@peak.org designates 69.59.194.81 as permitted sender) smtp.mailfrom=alan@peak.org X-Spamd-Result: default: False [-5.01 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; RCVD_COUNT_FIVE(0.00)[5]; FROM_HAS_DN(0.00)[]; SIGNED_SMIME(-2.00)[]; R_SPF_ALLOW(-0.20)[+mx]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TAGGED_RCPT(0.00)[]; HAS_ATTACHMENT(0.00)[]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[peak.org,none]; RCVD_TLS_LAST(0.00)[]; FREEMAIL_TO(0.00)[gmail.com]; RCVD_IN_DNSWL_LOW(-0.10)[81.194.59.69.list.dnswl.org : 127.0.5.1]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:395796, ipnet:69.59.194.0/24, country:US]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(-0.01)[country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[] X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Feb 2020 23:40:13 -0000 This is a cryptographically signed message in MIME format. --------------ms060509080102040905050203 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 2/27/20 3:31 PM, Luoqi Chen wrote: > Yes, except to leave the read bit(s) on. I can confirm that the write w= ould > fail on centos 6/7/8 if all bits are cleared. >=20 That makes no difference: [117] $ sh -x ~/nfst + cat /etc/redhat-release CentOS release 6.10 (Final) + df . Filesystem 1K-blocks Used Available Use% Mounted on zbackups02.peak.org:/zbackups/zmail03-admin 5027215872 91682304 4935533568 2% /zbackups + rm -f x + touch x + chmod 444 x + ls -l x -r--r--r--. 1 alan root 0 Feb 27 15:38 x + echo foo /home/alan/nfst: line 9: x: Permission denied + cat x [118] $ --------------ms060509080102040905050203 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC C2swggTgMIIDyKADAgECAhBUdCKrz7BUVHpHGYaNdgQcMA0GCSqGSIb3DQEBCwUAMIGNMQsw CQYDVQQGEwJJVDEQMA4GA1UECAwHQmVyZ2FtbzEZMBcGA1UEBwwQUG9udGUgU2FuIFBpZXRy bzEjMCEGA1UECgwaQWN0YWxpcyBTLnAuQS4vMDMzNTg1MjA5NjcxLDAqBgNVBAMMI0FjdGFs aXMgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIENBIEcyMB4XDTE5MTIxMTE5MDcxNloXDTIwMTIx MTE5MDcxNlowGDEWMBQGA1UEAwwNYWxhbkBwZWFrLm9yZzCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBAJ1Gw0aKu1wno1Vb1MKlI+soIv5Ph03B7gUcg350uVwjm527faMnnV1D TZ415jn4Q5MHjIS5xjFUVJwM0DGOm+aNr0tFPOEL8Y8t2w5KCs7D4ikYderuv57WTwMgjDDY mOI9cUqs+npoFBcFTzx+RunErd8d22EEq61H7Ypyi+ltb4rZweE7KnaS5kgRovJXg8ii90ze dytd96JlTx8+oripPBaG+6RTlZxrQusbvSZpwjEv8xYa3Eh45Z2tBc1xcHNzvaDhprP01OA3 Yx4lIpSxIcAD23vtgjGhU9zycLqbutVpfaLrq3EwzGA7d6Xx97jsrXpCSHYd0TX2OkQKyPcC AwEAAaOCAa4wggGqMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUa/KNnmjBJQQfUTRX9hZc lOpNaRowfgYIKwYBBQUHAQEEcjBwMDsGCCsGAQUFBzAChi9odHRwOi8vY2FjZXJ0LmFjdGFs aXMuaXQvY2VydHMvYWN0YWxpcy1hdXRjbGlnMjAxBggrBgEFBQcwAYYlaHR0cDovL29jc3Aw OS5hY3RhbGlzLml0L1ZBL0FVVEhDTC1HMjAYBgNVHREEETAPgQ1hbGFuQHBlYWsub3JnMEcG A1UdIARAMD4wPAYGK4EfARgBMDIwMAYIKwYBBQUHAgEWJGh0dHBzOi8vd3d3LmFjdGFsaXMu aXQvYXJlYS1kb3dubG9hZDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwSAYDVR0f BEEwPzA9oDugOYY3aHR0cDovL2NybDA5LmFjdGFsaXMuaXQvUmVwb3NpdG9yeS9BVVRIQ0wt RzIvZ2V0TGFzdENSTDAdBgNVHQ4EFgQU4WAWRmEM5pxYuaRqT1VOZP+87GwwDgYDVR0PAQH/ BAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQAFrqbTZz6FiybHjpkR8a/eVtKR6ZTBnFE4f73m 0WC6mqryp4UKkTGl3Id/M1s54aH5Qof+x08Jlb7BgOh1VkjJNIPLWDY6qdZj/idf7DcwGMWN vXevh2QsMjJahnWOuedx+VPJybHfSLnc0iO6xXBrgbbNX6BdTidWbcaT/skBfBygtCy9KVm/ +5CR5NqVDxpmgrWlJsUkYMXaO0jvbCcEvY9LQ9nyMPPK/ttQU9XNNsarBC8cKcX95iL7rgTw AQ1r39pDjyZLC1+bMZqjUleJbpRiiBv6iXb4rFVkXg1R5LFOCX5n1ZtKk8loEFptGtaF+LCw lTtITblJ2dlelQZ3MIIGgzCCBGugAwIBAgIQT94QS+2VW96LrWWHzEFe4zANBgkqhkiG9w0B AQsFADBrMQswCQYDVQQGEwJJVDEOMAwGA1UEBwwFTWlsYW4xIzAhBgNVBAoMGkFjdGFsaXMg Uy5wLkEuLzAzMzU4NTIwOTY3MScwJQYDVQQDDB5BY3RhbGlzIEF1dGhlbnRpY2F0aW9uIFJv b3QgQ0EwHhcNMTkwOTIwMDcxMjA1WhcNMzAwOTIyMTEyMjAyWjCBjTELMAkGA1UEBhMCSVQx EDAOBgNVBAgMB0JlcmdhbW8xGTAXBgNVBAcMEFBvbnRlIFNhbiBQaWV0cm8xIzAhBgNVBAoM GkFjdGFsaXMgUy5wLkEuLzAzMzU4NTIwOTY3MSwwKgYDVQQDDCNBY3RhbGlzIENsaWVudCBB dXRoZW50aWNhdGlvbiBDQSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALdo c3rZPNQv+9xnyj3OlHz/iRnO2hpj8xlHkCdYKNwnRabAT6J0RA11A3ZkQiEZEw66B99ES7Ez v9IRBYmIwsr720lUptObF5L3yVzl3nzaittXwWsq+CQoDEci1cKkWF5SiO22+Np2Epu2HFxk w5nXMnZibrqnC6hUGsFogTDUUVRIuLlublwWYFhpqvDaCh//ucRgRW3+rTU1nBoT1XHkXrLs Cteefjoh+o01tNTWvGi4+3OyABidGPXuoYh7UbYX1u0sG1O8rO92t5zV7/Cr/Vza9EbySh6D rCqsY333sNxikKzFyBwebZv43t1xJyMVE/CRt7BLJOyHxd1Yq0sCAwEAAaOCAf4wggH6MA8G A1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbtifN7OHCUyQICNtAwQQYIKwYB BQUHAQEENTAzMDEGCCsGAQUFBzABhiVodHRwOi8vb2NzcDA1LmFjdGFsaXMuaXQvVkEvQVVU SC1ST09UMEUGA1UdIAQ+MDwwOgYEVR0gADAyMDAGCCsGAQUFBwIBFiRodHRwczovL3d3dy5h Y3RhbGlzLml0L2FyZWEtZG93bmxvYWQwJwYDVR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwME BggrBgEFBQcDCTCB4wYDVR0fBIHbMIHYMIGWoIGToIGQhoGNbGRhcDovL2xkYXAwNS5hY3Rh bGlzLml0L2NuJTNkQWN0YWxpcyUyMEF1dGhlbnRpY2F0aW9uJTIwUm9vdCUyMENBLG8lM2RB Y3RhbGlzJTIwUy5wLkEuJTJmMDMzNTg1MjA5NjcsYyUzZElUP2NlcnRpZmljYXRlUmV2b2Nh dGlvbkxpc3Q7YmluYXJ5MD2gO6A5hjdodHRwOi8vY3JsMDUuYWN0YWxpcy5pdC9SZXBvc2l0 b3J5L0FVVEgtUk9PVC9nZXRMYXN0Q1JMMB0GA1UdDgQWBBRr8o2eaMElBB9RNFf2FlyU6k1p GjAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAGBEuhmiq3L7DkGaRMG6FTm9 na4v3ya3KW+xkhFvSZgPinqeBi5qfV+dCL/BCuO/JMH9mgI5z57DnYiLQC3CIHnEtalcTfhG PleRgjRMuFQLAeYM5UAZiiPT+D8S7faZ0CZ3glRLw51QTGQJZSC+bN7mgoiBG/HmGahvLWjl kjNZ6o6AmVC3HIV1mGowamiYNEVDmen+SAdJW9uhwP+xFFZodZ0lYJQ6FHg+3pSDVx6YdM94 n9e9tlMnXKB+CY92WmPXbUOMCUjYUmTsxEu9lJEusHv+eehThrO6HiVrkHvEathHnkhphpYm SlG2KOIwfwtqJjJ9C+EMCOcDDa1ndhUTVFMMTAZmyWLRGg0U0O9hzwPA520ZL0Q0iZI7E6Kl OmaQZQX+LORMK4V6hVW9qzPZhgjw2SYux8N8vAWA/3d4ky+j1uVIzk0qRXJ0iD+B1uTyOjEx 15fmm+mowp7ycOhNUxi4d8ycqb+QkPBbZtM+zCi7eWa9hOI6I2V3mZ9bFKUqonWcqfZhvy2D EZhzJLYQ0Zw5ztrR7+fmDjuHFBG07eQcMBOUT46qL7J3ncneUooyCvpNTAlxSzE3xEc96lDd 4v38Lnl3BsuIxH9p/xb2LBGNxgR12QjFVj33wX25fyE47PUPTRt+2wBJv5oNsjatNjS4w20C CoLfVtGgVPUrMYIEFzCCBBMCAQEwgaIwgY0xCzAJBgNVBAYTAklUMRAwDgYDVQQIDAdCZXJn YW1vMRkwFwYDVQQHDBBQb250ZSBTYW4gUGlldHJvMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5B Li8wMzM1ODUyMDk2NzEsMCoGA1UEAwwjQWN0YWxpcyBDbGllbnQgQXV0aGVudGljYXRpb24g Q0EgRzICEFR0IqvPsFRUekcZho12BBwwDQYJYIZIAWUDBAIBBQCgggJFMBgGCSqGSIb3DQEJ AzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIwMDIyNzIzMzkzN1owLwYJKoZIhvcN AQkEMSIEIOb9GrkE7v51PZYefSwh8KNJ3Jy6yWDuQ+ypPugHqhWKMGwGCSqGSIb3DQEJDzFf MF0wCwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgIC AIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwgbMGCSsGAQQBgjcQ BDGBpTCBojCBjTELMAkGA1UEBhMCSVQxEDAOBgNVBAgMB0JlcmdhbW8xGTAXBgNVBAcMEFBv bnRlIFNhbiBQaWV0cm8xIzAhBgNVBAoMGkFjdGFsaXMgUy5wLkEuLzAzMzU4NTIwOTY3MSww KgYDVQQDDCNBY3RhbGlzIENsaWVudCBBdXRoZW50aWNhdGlvbiBDQSBHMgIQVHQiq8+wVFR6 RxmGjXYEHDCBtQYLKoZIhvcNAQkQAgsxgaWggaIwgY0xCzAJBgNVBAYTAklUMRAwDgYDVQQI DAdCZXJnYW1vMRkwFwYDVQQHDBBQb250ZSBTYW4gUGlldHJvMSMwIQYDVQQKDBpBY3RhbGlz IFMucC5BLi8wMzM1ODUyMDk2NzEsMCoGA1UEAwwjQWN0YWxpcyBDbGllbnQgQXV0aGVudGlj YXRpb24gQ0EgRzICEFR0IqvPsFRUekcZho12BBwwDQYJKoZIhvcNAQEBBQAEggEAdO9J3Vn6 j8HsF5azy9PPGPiqzBPg5cozfNnn+FKLNKEh1Lmm1CHdR71kBA1x7XGIDk/PU1DcN4BjOR+E hPzcMUN6zBtFV8XFp0DjT4KnxVRCDNxnQkDgZ+63jygEaa0Pc62TBeH2kvHS6wfs+2X44hJa hWrn/jikmFrUWGSAWnZkc+duV9t3nC42885Ku2xC4dNYeUuVfXHM7dIz3zV5GVt3/aS3geya BJkCUgwLL3n0+5N8CDnrFGKJFfJykChjCfjSAFfEXhS31fIwrXvHxNq15farHKFhs+m3Pzxp FRi5O9vW2PcmWfOEcpLUp5qdHMdNbCyerq4a0hntvZYNyAAAAAAAAA== --------------ms060509080102040905050203--