From: Luoqi Chen
Date: Thu, 27 Feb 2020 11:19:38 -0800
Subject: Re: Linux could write to read only files on FreeBSD NFS server
To: jdelisle
Cc: freebsd-fs

I gather you haven't tried the script -- I didn't bother to include more
details because they didn't seem to matter, this is not some corner case
scenario. My guess is this is something fundamental, like, linux expects the
server side to enforce the access control while freebsd assumes that the
client has already done the check.

On Thu, Feb 27, 2020 at 10:40 AM jdelisle wrote:

> I feel like this is missing a lot of important information needed to
> answer your question.
>
> What's your NFS mount command? What user are you running that script as?
> What do the permissions look like on the NFS server side? What does your
> NFS export look like? etc..
>
> On Thu, Feb 27, 2020 at 11:42 AM Luoqi Chen wrote:
>
>> Hi,
>>
>> This was actually a pretty old problem, I noticed it a few years back and
>> have been monitoring it when I upgrade the os on either the linux or the
>> freebsd side -- it's still present between the latest centos and freebsd
>> as of today. I meant to look into this issue myself, but had never found
>> time for it, that's why I'm writing to this list, maybe it's a known
>> problem or someone's willing to spend some time on it.
>>
>> And here you go, the problem,
>>
>> % cat ~/rotest.sh
>> #!/bin/sh
>> cp /dev/null x
>> getfacl x
>> chmod -w x
>> getfacl x
>> echo aaa >> x
>> echo status $?
>> cat x
>> rm -f x
>> % sh ~/rotest.sh
>> # file: x
>> # owner: luoqi
>> # group: wheel
>> user::rw-
>> group::r--
>> other::r--
>>
>> # file: x
>> # owner: luoqi
>> # group: wheel
>> user::r--
>> group::r--
>> other::r--
>>
>> status 0
>> aaa
>>
>> The script was run on a centos inside a directory nfs mounted from a
>> freebsd. The append would fail for a centos/centos or a freebsd/freebsd
>> combo. It's very easy to reproduce, it doesn't depend on any specific
>> centos or freebsd version, nor on nfs version 3 or 4, nor on underlying
>> file system ffs or zfs.
>>
>> -luoqi
>> _______________________________________________
>> freebsd-fs@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-fs
>> To unsubscribe, send any mail to "freebsd-fs-unsubscribe@freebsd.org"
>>
>
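
A fuller form of the check in the quoted script, as an added example that is not part of the original thread: it tries append, in-place overwrite and truncate separately against a file made read-only with chmod, and gives no verdict when run as uid 0, where mode bits are not enforced locally in any case. The function name `ro_write_check` and the verdict words are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Checks whether the mode bits on a
# read-only file stop its owner from modifying it inside directory $1,
# for instance a directory on an NFS mount.
# Prints: enforced | not-enforced:<ops that succeeded> | inconclusive
# Returns: 0 enforced, 1 not enforced, 2 inconclusive

ro_write_check() {
    dir=$1
    # uid 0 bypasses mode-bit checks on a local file system, so a run as
    # root cannot show whether read-only permissions are being enforced.
    if [ "$(id -u)" -eq 0 ]; then
        echo inconclusive
        return 2
    fi
    f=$(mktemp "$dir/rotest.XXXXXX") || { echo inconclusive; return 2; }
    printf 'seed\n' > "$f"
    chmod a-w "$f"
    before=$(cksum < "$f")
    leaked=""
    # Each write path opens the file differently, so test them one by one.
    # printf is used because it is not a special builtin: a failed
    # redirection only sets its exit status instead of ending the shell.
    if { printf 'aaa\n' >> "$f"; } 2>/dev/null; then   # O_APPEND
        leaked="$leaked append"
    fi
    if { printf 'bbb\n' 1<> "$f"; } 2>/dev/null; then  # O_RDWR, no truncate
        leaked="$leaked overwrite"
    fi
    if { printf '' > "$f"; } 2>/dev/null; then         # O_TRUNC
        leaked="$leaked truncate"
    fi
    after=$(cksum < "$f")
    rm -f "$f"
    # Comparing checksums also catches a write that reported failure
    # but still changed the file.
    if [ -n "$leaked" ] || [ "$before" != "$after" ]; then
        echo "not-enforced:$leaked"
        return 1
    fi
    echo enforced
    return 0
}

# Run against the directory given on the command line, if any.
if [ $# -gt 0 ]; then
    ro_write_check "$1"
fi
```
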