Like all other NFS ops, unlink/remove is preceded by an access call.
nfs3_access on the parent directory (under which the file is being removed)
returns a response with res->res_access3.ACCESS3res_u.resok.access set to
the permissions allowed on the parent directory. Since the current user
doesn't have write permission on the parent directory,
res->res_access3.ACCESS3res_u.resok.access is set to 3. After this
response, the client issues a remove call and there are no checks in the
nfs/fsal layers to prevent the unlink from happening. Similar behavior can
be observed with file/directory create. But file writes are not issued by
the client when the access check response has no write access set for the file.
I am using the v2.4-stable build and have implemented only NFS v3 ops in a
custom FSAL. I can add access checks in create/unlink to prevent these issues.
But I want to know if there is something wrong in my understanding.

Thanks,
Naresh
_______________________________________________
Nfs-ganesha-devel mailing list
Nfs-ganesha-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel
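
An added example, not part of the original message and not nfs-ganesha code: a server-side permission gate of the kind the message proposes adding to create/unlink, evaluated inside the operation instead of relying on the earlier ACCESS reply. The ACCESS3 bit values and NFS3ERR_ACCES come from RFC 1813; the struct and function names are hypothetical, and the check assumes plain POSIX mode bits with no superuser override, ACLs, supplementary groups or sticky-bit handling.

```c
#include <stdint.h>
#include <sys/types.h>

/* ACCESS3 bits and status codes as defined in RFC 1813 */
#define ACCESS3_READ    0x0001
#define ACCESS3_LOOKUP  0x0002
#define ACCESS3_MODIFY  0x0004
#define ACCESS3_EXTEND  0x0008
#define ACCESS3_DELETE  0x0010
#define NFS3_OK         0
#define NFS3ERR_ACCES   13

/* Hypothetical types for this sketch, not nfs-ganesha structures */
struct caller   { uid_t uid; gid_t gid; };
struct dir_attr { uid_t uid; gid_t gid; mode_t mode; };

/* Mask an ACCESS call would report for a directory, from POSIX mode bits.
 * Assumption: no superuser override, ACLs, supplementary groups or sticky bit. */
uint32_t dir_access_mask(const struct caller *c, const struct dir_attr *d)
{
    unsigned rwx;
    uint32_t mask = 0;

    if (c->uid == d->uid)       rwx = (d->mode >> 6) & 7;
    else if (c->gid == d->gid)  rwx = (d->mode >> 3) & 7;
    else                        rwx = d->mode & 7;

    if (rwx & 4) mask |= ACCESS3_READ;
    if (rwx & 1) mask |= ACCESS3_LOOKUP;
    /* Changing directory entries needs both write and search permission */
    if ((rwx & 2) && (rwx & 1))
        mask |= ACCESS3_MODIFY | ACCESS3_EXTEND | ACCESS3_DELETE;
    return mask;
}

/* Gate run inside the operation itself, independent of any earlier ACCESS
 * reply: need is ACCESS3_DELETE for remove, ACCESS3_EXTEND for create. */
int check_parent_dir(const struct caller *c, const struct dir_attr *parent,
                     uint32_t need)
{
    return (dir_access_mask(c, parent) & need) == need ? NFS3_OK
                                                       : NFS3ERR_ACCES;
}
```

For a caller with only read and search rights on the parent, the mask is 3 (ACCESS3_READ | ACCESS3_LOOKUP), the value reported in the message, and both the remove and create gates return NFS3ERR_ACCES.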
