On Mon, 2005-11-28 at 11:48 -0600, Steve French wrote:
> Why are there no calls to inode_change_ok in nfs (on the client), but
> there are in most other filesytsems? Seems like there are some cases
> in nfs in which a local permission check is done via a call to
> nfs_permission which calls generic_permission ... if that is the case
> why not do a call to inode_change_ok in similar cases?
Under the NFS model, the server manages the permissions, not the client.
The purpose of inode_change_ok() is to perform a load of local checks
which are simply alien to that model:
a) your capabilities don't mean anything to the server. Its decision to
grant the ability to change owner of a file is based on your
credentials, not your capabilities.
b) Even the uid/gid checks don't take into account the fact that the
server may be mapping you into different users/groups (c.f. root
squashing etc.).
All, in all, a call to inode_change_ok() would at best be redundant, and
at worst, be plain incorrect.
Cheers,
Trond
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]