NFSv4 client does not allow you to execute a file with no read permission.

NFSv4 client does not allow you to execute a file with no read permission.

[NeilBrown]

[-- Attachment #1: Type: text/plain, Size: 1501 bytes --]


[resending - with more current address for Trond :-]

If there is a file on the server with permissions --x--x--x,
then if I mount with NFSv3 I (as a non-root user) can run it.
However if I mount with NFSv4 I cannot.

This is with a sufficiently recent server kernel which fixes that server-side
bug that caused a problem with this scenario.

I think the bug was introduced by commit cd9a1c0e5ac68
    NFSv4: Clean up nfs4_atomic_open

which added a new call to nfs_may_open.

The problem is that nfs_intent_set_file calls nfs_may_open passing
intent.open.flags which contains O_RDONLY (i.e. 0).  This is mapped
to FMODE_READ before being passed to nfs_do_access.
As I don't have read access, the exec fails.

I can "fix it" with

diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
index eedd24d..15a718b 100644
--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -2278,12 +2278,12 @@ static int nfs_open_permission_mask(int openflags)
 {
 	int mask = 0;
 
-	if ((openflags & O_ACCMODE) != O_WRONLY)
-		mask |= MAY_READ;
 	if ((openflags & O_ACCMODE) != O_RDONLY)
 		mask |= MAY_WRITE;
 	if (openflags & __FMODE_EXEC)
 		mask |= MAY_EXEC;
+	else if ((openflags & O_ACCMODE) != O_WRONLY)
+		mask |= MAY_READ;
 	return mask;
 }
 
so we don't ask for READ permission if we are asking for EXEC permission.
I suspect this may not be the right fix.  I'm just presenting it to help
focus on whether the problem seems to be.

Is there a better way to fix this?

Thanks,
NeilBrown

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 828 bytes --]

NFSv4 client does not allow you to execute a file with no read permission.

[NeilBrown]

[-- Attachment #1: Type: text/plain, Size: 1445 bytes --]


If there is a file on the server with permissions --x--x--x,
then if I mount with NFSv3 I (as a non-root user) can run it.
However if I mount with NFSv4 I cannot.

This is with a sufficiently recent server kernel which fixes that server-side
bug that caused a problem with this scenario.

I think the bug was introduced by commit cd9a1c0e5ac68
    NFSv4: Clean up nfs4_atomic_open

which added a new call to nfs_may_open.

The problem is that nfs_intent_set_file calls nfs_may_open passing
intent.open.flags which contains O_RDONLY (i.e. 0).  This is mapped
to FMODE_READ before being passed to nfs_do_access.
As I don't have read access, the exec fails.

I can "fix it" with

diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
index eedd24d..15a718b 100644
--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -2278,12 +2278,12 @@ static int nfs_open_permission_mask(int openflags)
 {
 	int mask = 0;
 
-	if ((openflags & O_ACCMODE) != O_WRONLY)
-		mask |= MAY_READ;
 	if ((openflags & O_ACCMODE) != O_RDONLY)
 		mask |= MAY_WRITE;
 	if (openflags & __FMODE_EXEC)
 		mask |= MAY_EXEC;
+	else if ((openflags & O_ACCMODE) != O_WRONLY)
+		mask |= MAY_READ;
 	return mask;
 }
 
so we don't ask for READ permission if we are asking for EXEC permission.
I suspect this may not be the right fix.  I'm just presenting it to help
focus on whether the problem seems to be.

Is there a better way to fix this?

Thanks,
NeilBrown

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 828 bytes --]