Re: [RFC] FUSE permission modell (Was: fuse review bits)
From: Jan Hudec
Date: Tue Apr 12 2005 - 11:50:35 EST
On Tue, Apr 12, 2005 at 17:13:03 +0100, Jamie Lokier wrote:
> Miklos Szeredi wrote:
> > > Note that NFS checks the permissions on _both_ the client and server,
> > > for a reason.
> >
> > Does it? If I read the code correctly the client checks credentials
> > supplied by the server (or cached). But the server does the actual
> > checking of permissions.
> >
> > Am I missing something?
>
> Yes, for NFSv2, this test in nfs_permssion():
>
> if (!NFS_PROTO(inode)->access)
> goto out;
>
> And for either version of NFS, if the uid and gid are non-zero, and
> the permission bits indicate that an access is permitted, then the
> client does not consult the server for permission.
... but that clearly says that it checks the permissions on *either*
cleint *or* server. Not all requests are passed to the server and there
the client only checks the permission bits, even if the credentials are
different than what was originally used to obtain the information.
-------------------------------------------------------------------------------
Jan 'Bulb' Hudec <bulb@xxxxxx>
Attachment:
signature.asc
Description: Digital signature