Re: [Unionfs] unionfs-20050923-1803: Permission denied

Tue, 27 Sep 2005 00:25:51 -0700 

On Mon, Sep 26, 2005 at 07:04:45PM -0400, Dave Quigley wrote:
> >#########################################################################
> ># dmesg|grep  'Registering unionfs'
> >Registering unionfs 20050923-1803
> ># uname -a
> >Linux fs8 2.6.11.4-21.9-smp #1 SMP Fri Aug 19 11:58:59 UTC 2005 i686 i686 
> >i386 GNU/Linux
> >#
> ># mount | grep /a
> >npserv3:/p/7 on /a type nfs (ro,addr=132.230.1.13)
> ># touch /a/xx /b/xx /diff/xx
> >touch: cannot touch `/a/xx': Read-only file system
> ># rm /b/xx /diff/xx
> ># mount -t unionfs -o dirs=/diff=rw:/a=ro none /b
> ># touch /b/xx
> >touch: cannot touch `/b/xx': Permission denied
> >######################################################################### 

I'm not sure if this is the problem, but this behaviour SHOULD be
absolutely correct if you exported the NFS filesystem without
"no_root_squash". The root UID on the lcal system is mapped to "nobody"
on the remote filesystem, so a permission() call SHOULD say that root
("nobody" on the remote system) has NO PERMISSION to modify that file!

Now you mounted a local filesystem over the NFS volume. Still, the
permissions of the ORIGINAL file must be checked in order to find out if
the user has permission to create a file on the writable branch.

So, there probably is no error here. The error message is correct. You
have no permission to modify a file or create a file in a directory that
is not writable by the unprivileged user "nobody".

> Hello Martin,
>    You might want to try the newer snapshot there was a problem with 
> klaus's patch but I fixed it and the new version should be in the snapshots.

I still think my patch behaves correctly in this testcase. If you change
it to check the upper rw branch instead of the lower ro branch, you will
get back to the point where the user can overwrite files that he is not
supposed to be able to change, wrongly.

Regards
-Klaus Knopper
PS: To verify this, try to export the NFS volume read/write, and try to
touch the file remotely as root (with no unionfs involved). It should
also give you "permission denied". Which is 100% correct.
_______________________________________________
unionfs mailing list
[email protected]
http://www.fsl.cs.sunysb.edu/mailman/listinfo/unionfs

Reply via email to