Re: [RFC] FUSE permission modell (Was: fuse review bits)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Apr 12, 2005 at 17:13:03 +0100, Jamie Lokier wrote:
> Miklos Szeredi wrote:
> > > Note that NFS checks the permissions on _both_ the client and server,
> > > for a reason.
> > 
> > Does it?  If I read the code correctly the client checks credentials
> > supplied by the server (or cached).  But the server does the actual
> > checking of permissions.
> > 
> > Am I missing something?
> 
> Yes, for NFSv2, this test in nfs_permssion():
> 
> 	if (!NFS_PROTO(inode)->access)
> 		goto out;
> 
> And for either version of NFS, if the uid and gid are non-zero, and
> the permission bits indicate that an access is permitted, then the
> client does not consult the server for permission.

... but that clearly says that it checks the permissions on *either*
cleint *or* server. Not all requests are passed to the server and there
the client only checks the permission bits, even if the credentials are
different than what was originally used to obtain the information.

-------------------------------------------------------------------------------
						 Jan 'Bulb' Hudec <[email protected]>

Attachment: signature.asc
Description: Digital signature


[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux