From: Rick Macklem
To: Cy Schubert
CC: "freebsd-current@freebsd.org", "rc@freebsd.org"
Subject: Re: small patch for /etc/rc.d/nfsd, bugfix or POLA violation?
Date: Tue, 11 Jul 2017 11:48:55 +0000
In-Reply-To: <201707092031.v69KVBSn045623@slippy.cwsent.com>

Cy Schubert wrote:
>Rick Macklem wrote:
>> Hi,
>>
>> The attached one line patch to /etc/rc.d/nfsd modifies the script so that it
>> does not force the nfsuserd to be run when nfsv4_server_enable is set.
>> (nfsuserd can still be enabled via nfsuserd_enable="YES" in /etc/rc.conf.)
>>
>> Here's why I think this patch might be appropriate...
>> (a) - The original RFC for NFSv4 (RFC3530) essentially required Owners and
>> Owner_groups to be specified as @ and this required
>> the nfsuserd daemon to be running.
>> (b) - RFC7530, which replaces RFC3530, allows an Owner/Owner_group string to be
>> the uid/gid number in a string when using AUTH_SYS. This simplifies configuration
>> for an all AUTH_SYS/POSIX environment (most NFS uses, I suspect?).
>>
>> To make the server do (b), two things need to be done:
>> 1 - set vfs.nfsd.enable_stringtouid=1
>> 2 - set vfs.nfsd.enable_uidtostring=1 (for head, I don't know if it will be MFC'd?)
>> OR
>> - never run nfsuserd after booting (killing it off after it has been running is not
>> sufficient)
>>
>> Given the above, it would seem that /etc/rc.d/nfsd should not force running of
>> the nfsuserd daemon, due to changes in the protocol.
>>
>> However, this will result in a POLA violation, in that after the patch, nfsuserd won't
>> start when booting, unless nfsuserd_enable="YES" is added to /etc/rc.conf.
>>
>> So, what do people think about this patch? rick
>
>How about a warning message + an UPDATING entry + no MFC? And, relnotes =
>yes to say we now support RFC7530 in 12.0?

Sounds fine to me. I'll wait to see if there are more comments.

Thanks, rick
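
The boot-time effect discussed in this thread, as an added example that is not part of the original messages and is neither the rc.d/nfsd script nor the attached patch: it evaluates one rc.conf and sysctl.conf pair under the old and the patched start-up rule and reports whether the server ends up in the numeric uid/gid string setup of case (b). The function names and sample configuration are constructed for illustration, and the check assumes nfsuserd is never started by hand after boot.

```shell
#!/bin/sh
# Added illustration; not the rc.d/nfsd script or the patch from the thread.
# Models boot-time configuration only. Function names are hypothetical.

# get_val KEY TEXT: last value assigned to KEY in rc.conf/sysctl.conf-style
# TEXT, with a trailing comment and surrounding double quotes removed.
get_val() {
    printf '%s\n' "$2" |
        sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/^"\(.*\)"$/\1/'
}

# is_yes VALUE: true for the values rc.subr treats as enabled.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# nfsuserd_starts old|patched RCCONF: does nfsuserd start at boot?
# old: nfsv4_server_enable forces it; patched: only nfsuserd_enable does.
nfsuserd_starts() {
    is_yes "$(get_val nfsuserd_enable "$2")" && return 0
    [ "$1" = old ] && is_yes "$(get_val nfsv4_server_enable "$2")"
}

# owner_mode old|patched RCCONF SYSCTLCONF: prints "numeric" when the server
# is set up for case (b), otherwise "nfsuserd".
owner_mode() {
    [ "$(get_val vfs.nfsd.enable_stringtouid "$3")" = 1 ] ||
        { echo nfsuserd; return 0; }
    if [ "$(get_val vfs.nfsd.enable_uidtostring "$3")" = 1 ] ||
        ! nfsuserd_starts "$1" "$2"; then
        echo numeric
    else
        echo nfsuserd
    fi
}

# Constructed sample configuration (not taken from any real host).
RC_SAMPLE='nfs_server_enable="YES"
nfsv4_server_enable="YES"'
SYSCTL_SAMPLE='vfs.nfsd.enable_stringtouid=1'

for mode in old patched; do
    echo "$mode rc.d/nfsd: $(owner_mode "$mode" "$RC_SAMPLE" "$SYSCTL_SAMPLE")"
done
```

With the sample configuration the same rc.conf yields a different result before and after the patch, which is the POLA concern raised in the thread.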