From owner-freebsd-fs@freebsd.org Fri Feb 28 01:30:52 2020 Return-Path: Delivered-To: freebsd-fs@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CDF5A255D77 for ; Fri, 28 Feb 2020 01:30:52 +0000 (UTC) (envelope-from luoqi.chen@gmail.com) Received: from mail-oi1-x230.google.com (mail-oi1-x230.google.com [IPv6:2607:f8b0:4864:20::230]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48TBnR4QCdz3NbS for ; Fri, 28 Feb 2020 01:30:51 +0000 (UTC) (envelope-from luoqi.chen@gmail.com) Received: by mail-oi1-x230.google.com with SMTP id l136so1351172oig.1 for ; Thu, 27 Feb 2020 17:30:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=c8W4YZ/x9GuAyneela/kaArm60/T+KjyY7VMBsmWnHo=; b=R5UyD5XZdLWn2iPclsi9aNU8erqEpijX5nFavSXqWOh07wphmxeF1R8d5WtuZLwigw 207iD+pFetvIiCUq4wf8BKezQvi3IaW7tZuFfwyjPJOIPlyMYLnpykYyxt4UbVW1Pftc IW3pyTL8mfRQ5SZl24X5tifGgV6ZOskziE/zhNpNR+fOjgib2LiwrBPmtg1wHVvcSovl IZ11itAj8SsbpdYhQYM66Pi08+IHx9prXH+odLPXX0UlQJVNrmF3sg92Q4Bg+tQSspeg fSBY6wyqOs0J6u+9Z13ohg2cf8UwMYajWeYqLP5CuCeY9a3hr1WHeepkhH21OnMk20MW GPwg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=c8W4YZ/x9GuAyneela/kaArm60/T+KjyY7VMBsmWnHo=; b=AmbmUS8oit5Q8oxjrosjy68Oh46bVZvm83wSFh3bTntin3YED6/ERw/MHPrFizsQms 80jD2x9SMMfWELq+N75lVUDOTqvC/+lXuuRYqofWr+WG+/xFamFmfu8azbiY1rvCPXC2 pAOzkHxCvM1TDg+R70M2tF4ALua0lVVYGorXNZv77mnKK5vT2PP6R8ubmXSIEMa7e1a8 JmMRPYoRg0bBSPpDy6ytHx8Xg92s2E8M3MtKIwuAUYfFtz5n1LG40QAI2ldOZBLYCohg FZKo//gXYsdNVGtDxcp7cgwr6gzBZiTvNMSoQjxMHhObSwwHV8x3dq4uwvgd6OSt6c6D jFvw== X-Gm-Message-State: APjAAAXsCuwafHrRmIUegxpOnLax2javir512zlMLOKJ3mgF2IecbwKa qcKKiGZpulQBZOdc8CEZ3H8juoTvNis+aGkCwzoK4nyaROI= X-Google-Smtp-Source: APXvYqz5ncBQTOGn7eqN95zBfK4TRMPBwWviFqLn6hhfirac71z9zKagDkLcOz514yXKhxSomLXL5PNInuiSmpdhHLo= X-Received: by 2002:aca:af09:: with SMTP id y9mr1353400oie.101.1582853449872; Thu, 27 Feb 2020 17:30:49 -0800 (PST) MIME-Version: 1.0 References: <707243CD-C67E-4DAD-AC5A-68EC11CFFDFD@lysator.liu.se> <6EC06026-DA28-4CAC-8D56-5C7856D4625E@lysator.liu.se> <751dcbf4-9cd6-0d6f-a9d9-38615966cf9d@peak.org> In-Reply-To: <751dcbf4-9cd6-0d6f-a9d9-38615966cf9d@peak.org> From: Luoqi Chen Date: Thu, 27 Feb 2020 17:30:39 -0800 Message-ID: Subject: Re: Linux could write to read only files on FreeBSD NFS server To: Alan Batie Cc: freebsd-fs X-Rspamd-Queue-Id: 48TBnR4QCdz3NbS X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=R5UyD5XZ; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of luoqichen@gmail.com designates 2607:f8b0:4864:20::230 as permitted sender) smtp.mailfrom=luoqichen@gmail.com X-Spamd-Result: default: False [-3.00 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-fs@freebsd.org]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; IP_SCORE_FREEMAIL(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[0.3.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; IP_SCORE(0.00)[ip: (-7.98), ipnet: 2607:f8b0::/32(-1.88), asn: 15169(-1.67), country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; TAGGED_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 28 Feb 2020 01:30:52 -0000 On Thu, Feb 27, 2020 at 3:40 PM Alan Batie wrote: > On 2/27/20 3:31 PM, Luoqi Chen wrote: > > > Yes, except to leave the read bit(s) on. I can confirm that the write > would > > fail on centos 6/7/8 if all bits are cleared. > > > > That makes no difference: > > [117] $ sh -x ~/nfst > + cat /etc/redhat-release > CentOS release 6.10 (Final) > + df . > Filesystem 1K-blocks Used Available Use% Mounted on > zbackups02.peak.org:/zbackups/zmail03-admin > 5027215872 91682304 4935533568 2% /zbackups > + rm -f x > + touch x > + chmod 444 x > + ls -l x > -r--r--r--. 1 alan root 0 Feb 27 15:38 x > + echo foo > /home/alan/nfst: line 9: x: Permission denied > + cat x > [118] $ > > Sorry, my mistake, the read bit didn't matter, I mistook the error message from `cat x` as the echo failure, which I didn't get but you did, c1n7-154> sh -x rotest.sh + cat /etc/redhat-release CentOS release 6.5 (Final) + uname -a Linux c1n7 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux + mount ++ df . ++ cut '-d ' -f1 ++ tail -1 + grep c1n5:/data c1n5:/data on /net/c1n5/data type nfs (rw,nosuid,nodev,intr,sloppy,vers=4,addr=10.201.2.5,clientaddr=10.201.2.7) + rm -f x + touch x + ls -l x -rw-r--r--. 1 luoqi wheel 0 Feb 27 17:17 x + chmod 0444 x + ls -l x -r--r--r--. 1 luoqi wheel 0 Feb 27 17:17 x + echo aaa + cat x aaa + rm -f x + touch x + ls -l x -rw-r--r--. 1 luoqi wheel 0 Feb 27 17:17 x + chmod 0 x + ls -l x ----------. 1 luoqi wheel 0 Feb 27 17:17 x + echo bbb + cat x cat: x: Permission denied Another linux machine with the latest centos, same outcome, c1n14-314> sh -x rotest.sh + cat /etc/redhat-release CentOS Linux release 8.1.1911 (Core) + uname -a Linux c1n14 4.18.0-147.el8.x86_64 #1 SMP Wed Dec 4 21:51:45 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux + mount ++ df . ++ tail -1 ++ cut '-d ' -f1 + grep c1n5:/data c1n5:/data on /net/c1n5/data type nfs4 (rw,nosuid,nodev,relatime,vers=4.1,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.201.2.14,local_lock=none,addr=10.201.2.5) + rm -f x + touch x + ls -l x -rw-r--r--. 1 luoqi wheel 0 Feb 27 17:15 x + chmod 0444 x + ls -l x -r--r--r--. 1 luoqi wheel 0 Feb 27 17:15 x + echo aaa + cat x aaa + rm -f x + touch x + ls -l x -rw-r--r--. 1 luoqi wheel 0 Feb 27 17:15 x + chmod 0 x + ls -l x ----------. 1 luoqi wheel 0 Feb 27 17:15 x + echo bbb + cat x cat: x: Permission denied The freebsd server is running, c1n5-45> uname -a FreeBSD c1n5 12.1-RELEASE-p1 FreeBSD 12.1-RELEASE-p1 GENERIC amd64