Subject: kern/10845: Broken NFS permissions checking when -mapall=user is used.
To: None <gnats-bugs@gnats.netbsd.org>
From: None <scw@netbsd.org>
List: netbsd-bugs
Date: 08/16/2000 04:38:15
>Number:         10845
>Category:       kern
>Synopsis:       Broken NFS permissions checking when -mapall=user is used.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Aug 16 04:39:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Steve Woodford
>Release:        NetBSD-1.5_ALPHA2
>Organization:
NetBSD
>Environment:
	NetBSD NFS Server,
	Solaris NFS Clients
System: NetBSD haggis 1.5_ALPHA2 NetBSD 1.5_ALPHA2 (HAGGIS) #0: Wed Aug 16 08:23:13 BST 2000 swoodfor@haggis:/u0/netbsd/src/sys/arch/i386/compile/HAGGIS i386


>Description:
When a NetBSD file-system is NFS exported with the -mapall=nobody (for example)
option in the /etc/exports file, you would expect that NFS clients would be
able to change certain attributes of files on that FS which are owned by
`nobody'.

Currently, when the NFS client issues a utimes(2) system call on a file
it just created on the NFS file-system, that system call returns EACCESS.
Presumably the server is not taking the -mapall=nobody into account when
evaluating permission for that operation.

It's likely this affects other operations, as a coworker just reported having
the same problem with chmod(1)...
>How-To-Repeat:
Make an entry in an NFS server's /etc/exports with the -mapall=nobody option.
Mount the filesystem on a client (in this case Solaris, but that may not
matter) and create a new file; it should be owned and writable by `nobody'.
Try to modify the access time of the file using `touch -c'.
>Fix:
No idea.
>Release-Note:
>Audit-Trail:
>Unformatted: