<![CDATA[Dev1 Galaxy Forum / nfs4 no_root_squash strange behavior]]> http://dev1galaxy.org/viewtopic.php?id=7267 Sat, 28 Jun 2025 16:13:10 +0000 FluxBB <![CDATA[Re: nfs4 no_root_squash strange behavior]]> http://dev1galaxy.org/viewtopic.php?pid=56348#p56348 From man chattr:
Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.

And what are the ownership and permissions of the directory? That is what controls which accounts can delete a file.

]]> Sat, 28 Jun 2025 16:13:10 +0000 http://dev1galaxy.org/viewtopic.php?pid=56348#p56348 <![CDATA[Re: nfs4 no_root_squash strange behavior]]> http://dev1galaxy.org/viewtopic.php?pid=56326#p56326 
(root@client-~/importedshare)$ chattr +i test.txt
chattr: Operation not supported while reading flags on test.txt

But i changed 'test.txt's attribute in the server.

Thanks for reminding me that UNIX 'quirk' .

]]> Fri, 27 Jun 2025 20:15:43 +0000 http://dev1galaxy.org/viewtopic.php?pid=56326#p56326 <![CDATA[Re: nfs4 no_root_squash strange behavior]]> http://dev1galaxy.org/viewtopic.php?pid=56320#p56320 Try ls -ld ~/exportedshare on server. If the chomwitt account has write access to the directory it will be able to delete files in it even if it can't do anything else to them. This is one of the non-intuitive quirks of how UNIX file permissions work.

You could prevent it with chattr +i text.txt if you really needed to.

]]> Fri, 27 Jun 2025 16:22:04 +0000 http://dev1galaxy.org/viewtopic.php?pid=56320#p56320 <![CDATA[nfs4 no_root_squash strange behavior]]> http://dev1galaxy.org/viewtopic.php?pid=56318#p56318 According to $ man exports :   

root_squash
Map requests from uid/gid 0 to the anonymous uid/gid. Note that this does not apply to any other uids or gids that might be equally sensitive such as user bin or group staff.
no_root_squash
Turn off root squashing. This option is mainly useful for diskless clients.

And assuming my server /etc/exports is :
/home/chomwitt/NFSExport     192.168.2.44(rw,sync,no_subtree_check,no_root_squash)

It happens that a client/root user can create a file in the nfs share.
(root@client-~/importedshare) # touch test.txt

And in the client we will indeed see that a file was created:
(chomwtt@server-~/exportedshare) # ls
-rw-r--r--  1 root     root             0 Jun 27 17:01  test.txt

Now logically chomwitt@server should not be able to delete that test.txt . But i can.

Is that a bug?

]]> Fri, 27 Jun 2025 14:18:51 +0000 http://dev1galaxy.org/viewtopic.php?pid=56318#p56318