You are correct -- I misspoke about this issue -- the permissions as set
on the server are unrelated to this issue (i.e. permissions set on the
client).
Paul Krizak 5900 E. Ben White Blvd. MS 625
Advanced Micro Devices Austin, TX 78741
Linux/Unix Systems Engineering Phone: (512) 602-8775
Silicon Design Division Cell: (512) 791-0686
Tom Sightler wrote:
On Fri, 2007-05-04 at 09:18 -0500, Paul Krizak wrote:
There is a subdirectory (site-lib) that we have explicitly exported (and
properly locked down) that is read-write *as root* to the world. The
reasons that this directory structure were necessary is beyond the scope
of this e-mail.
So with RHEL3 and RHEL4, this worked great. You could have both
/tool/site-config and /tool/site-lib mounted on a system and the correct
permissions would be set.
But with RHEL5, if you mount /tool/site-lib *first*, then you get root
read/write permissions to /tool/site-config! And vice-versa, if you
mount /tool/site-config first, you *lose* root permissions on
/tool/site-lib!
Are you sure about this? If they are exported with permissions on the
server, then nothing the client can do should be able to override that,
RHEL5 and it's weird behavior or not. Sure, I can mount a ro export as
rw on the client, but that doesn't mean it is rw, the server has to
enforce those permissions.
Now that doesn't mean that I think your points about this client
behavior aren't valid, but I just don't see what you're saying here. If
you're somehow saying that a RHEL5 system can somehow override server
based restrictions then that is HUGE, but that would seem like it would
have to be a bug in the NFS server as it has to be the server which
enforces restrictions on exports.
Later,
Tom
_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
