From: bfields@fieldses.org (J. Bruce Fields)
To: Lu Xinyu <luxy.fnst@cn.fujitsu.com>
Cc: linux-nfs@vger.kernel.org
Subject: Re: SGID loss with nfsv3
Date: Mon, 30 Apr 2018 16:16:23 -0400 [thread overview]
Message-ID: <20180430201623.GA3207@fieldses.org> (raw)
In-Reply-To: <f9f2d605-b930-7db8-ad1e-fd189e074e9c@cn.fujitsu.com>
On Wed, Apr 25, 2018 at 02:03:20PM +0800, Lu Xinyu wrote:
> hi, folks
>
>
> I have client and server using nfsv3. The kernels are all 4.16-rc3.
> In client I mount a partition or a disk formatted in xfs/ext4 in
> /nfstest. It seems there is someting wrong with inheritance of sgid. I
> try the following operations in the client.
> > [root@localhost ]#id user1
> > uid=1003(user1) gid=1006(testgroup1)
> groups=1006(testgroup1),1007(testgroup2)
> > [root@localhost ]# mount -t nfs -o vers=3 -o noac
> 192.168.56.9:/data/nfstest /mnt/test/
> > [root@localhost ]# cd /mnt/test/
> > [root@localhost ]# mkdir mainsub
> > [root@localhost ]# setfacl -d -m u:user2:rwx mainsub/
> > [root@localhost ]# chown user1:testgroup1 mainsub/
> > # chmod 2775 mainsub/
> > [root@localhost ]# runuser -u user1 -g testgroup1 mkdir mainsub/subdir1
> > [root@localhost ]# runuser -u user1 -g testgroup2 mkdir mainsub/subdir2
> > [root@localhost ]# ls -l mainsub/
> > drwxrwsr-x+ 2 user1 testgroup1 4096 Mar 6 22:50 subdir1
> > drwxrwxr-x+ 2 user1 testgroup1 4096 Mar 6 22:50 subdir2
>
>
> The subdir2 losts SGID. But if the same operations are applied in the
> xfs or ext4 directedly, the SGID could be interited normally.
>
> > [root@localhost ]# ls -l mainsub/
> > drwxrwsr-x+ 2 user1 testgroup1 4096 Mar 6 22:55 subdir1
> > drwxrwsr-x+ 2 user1 testgroup1 4096 Mar 6 22:55 subdir2
>
> Is this a bug of NFSv3?
>
> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=073931017b49d9458aa351605b43a7e34598caef
>
>
> Clear SGID bit when setting file permissions
>
> It seems this patch will clear the nfs sgid. Should we keep it?
Just searching for that commit id.... It looks like this was fixed by
ext4 by a3bb2d5587521eea6dab2d05326abb0afb460abd "ext4: Don't clear SGID
when inheriting ACLs". And there are similar patches for a bunch of
other filesystems.
--b.
>
>
> Xinyu Lu
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2018-04-30 20:16 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-25 6:03 SGID loss with nfsv3 Lu Xinyu
2018-04-30 20:16 ` J. Bruce Fields [this message]
2018-05-14 6:43 ` Lu Xinyu
2018-05-14 14:32 ` J. Bruce Fields
[not found] ` <5b6540f4-f744-5e51-c32f-c8809fbfed81@cn.fujitsu.com>
2018-05-15 20:41 ` J. Bruce Fields
2018-05-15 20:42 ` J. Bruce Fields
2018-05-15 21:47 ` Andreas Gruenbacher
2018-05-15 22:05 ` J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180430201623.GA3207@fieldses.org \
--to=bfields@fieldses.org \
--cc=linux-nfs@vger.kernel.org \
--cc=luxy.fnst@cn.fujitsu.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.