From: Mike Marshall <hubcap@omnibond.com>
To: linux-fsdevel <linux-fsdevel@vger.kernel.org>
Subject: Fwd: [PATCH V3] orangefs: posix open permission checking...
Date: Tue, 26 Nov 2019 17:43:37 -0500 [thread overview]
Message-ID: <CAOg9mSRLCL5FbyPK6KqTWJtJfOuNUXoCHUV2SUoYzOh4N6rEVA@mail.gmail.com> (raw)
In-Reply-To: <CAOg9mSQ5hURb-e-hfg-q5_rgCfBC+wh7Z6mLUS_Tdu6iLquDhg@mail.gmail.com>
---------- Forwarded message ---------
From: Mike Marshall <hubcap@omnibond.com>
Date: Tue, Nov 26, 2019 at 4:02 PM
Subject: Re: [PATCH V3] orangefs: posix open permission checking...
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: <hubcap@kernel.org>, linux-fsdevel <linux-fsdevel@vger.kernel.org>
>> I don't know what side effects that "new_op->upcall.uid = 0;" will
>> have on the server side
I believe that the 0 is only used for whatever filesystem operations
(usually one) are required to get this service_operation done.
I think it will only kick in during discrete IO operations
that we've already posixly promised to complete.
I still am looking for a kernel access()-like thing so
I can only use UID 0 when needed - I see your argument about
always doing it...
The orangefs people are interested in this, so they'll be looking
at this last iteration. Thanks for helping me to understand the
right way to look at it from the kernel's perspective.
-Mike
On Tue, Nov 26, 2019 at 2:23 PM Linus Torvalds
<torvalds@linux-foundation.org> wrote:
>
> On Tue, Nov 26, 2019 at 10:50 AM <hubcap@kernel.org> wrote:
> >
> > Here's another version that is hopefully closer to
> > usable...
>
> This looks like it should work.
>
> I don't know what side effects that "new_op->upcall.uid = 0;" will
> have on the server side, and it still looks a bit hacky to me, but at
> least it doesn't have the obvious problems on the client side.
>
> Arguably, if you trust the client, you might as well just *always* do
> that upcall.uid clearing.
>
> And if you don't trust the client, then you'd have to do some NFS-like
> root squash anyway, at which point the uid clearing will actually
> remove permissions and break this situation again.
>
> So I do think this shows a deeper issue still, but at least it is an
> understandable workaround for a non-posix filesystem.
>
> Linus
next prev parent reply other threads:[~2019-11-26 22:43 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-26 18:50 [PATCH V3] orangefs: posix open permission checking hubcap
2019-11-26 19:22 ` Linus Torvalds
[not found] ` <CAOg9mSQ5hURb-e-hfg-q5_rgCfBC+wh7Z6mLUS_Tdu6iLquDhg@mail.gmail.com>
2019-11-26 22:43 ` Mike Marshall [this message]
2019-11-28 15:00 ` Mike Marshall
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAOg9mSRLCL5FbyPK6KqTWJtJfOuNUXoCHUV2SUoYzOh4N6rEVA@mail.gmail.com \
--to=hubcap@omnibond.com \
--cc=linux-fsdevel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.