According to $ man exports:
root_squash
Map requests from uid/gid 0 to the anonymous uid/gid. Note that this does not apply to any other uids or gids that might be equally sensitive such as user bin or group staff.
no_root_squash
Turn off root squashing. This option is mainly useful for diskless clients.
And assuming my server /etc/exports is:
/home/chomwitt/NFSExport 192.168.2.44(rw,sync,no_subtree_check,no_root_squash)
It happens that a client/root user can create a file in the NFS share.
(root@client-~/importedshare) # touch test.txt
And in the client we will indeed see that a file was created:
(chomwtt@server-~/exportedshare) # ls
-rw-r--r-- 1 root root 0 Jun 27 17:01 test.txt
Now logically chomwitt@server should not be able to delete that test.txt. But I can.
Is that a bug?
Last edited by chomwitt (2025-06-27 14:26:14)
Devuan(Chimaera)(Daedalus) DS+WM: XorgX11server+StumpVM
Offline
Try ls -ld ~/exportedshare on server. If the chomwitt account has write access to the directory it will be able to delete files in it even if it can't do anything else to them. This is one of the non-intuitive quirks of how UNIX file permissions work.
You could prevent it with chattr +i test.txt if you really needed to.
Offline
(root@client-~/importedshare)$ chattr +i test.txt
chattr: Operation not supported while reading flags on test.txt
But I changed test.txt's attribute on the server.
Thanks for reminding me of that UNIX 'quirk'.
Devuan(Chimaera)(Daedalus) DS+WM: XorgX11server+StumpVM
Offline
From man chattr:
Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.
And what are the ownership and permissions of the directory? That is what controls which accounts can delete a file.
Offline
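The rule both replies point to (deleting a file is decided by the parent directory's ownership and mode, not the file's) as an added example that is not part of the original thread. The names Ident, may_unlink and may_unlink_path are hypothetical, uid 1000 is a constructed stand-in for the chomwitt account, and ACLs, capabilities and the immutable attribute are not modelled.

```python
import os
import stat
from dataclasses import dataclass

@dataclass
class Ident:
    uid: int
    gids: frozenset  # primary + supplementary group ids

def _class_bits(mode, owner_uid, owner_gid, who):
    """Return the rwx triplet (owner, group or other) that applies to `who`."""
    if who.uid == owner_uid:
        return (mode >> 6) & 7
    if owner_gid in who.gids:
        return (mode >> 3) & 7
    return mode & 7

def may_unlink(dir_mode, dir_uid, dir_gid, file_uid, who):
    """Classic UNIX rule for removing a directory entry.

    The file's own mode is never consulted: unlink() modifies the directory.
    """
    if who.uid == 0:
        return True  # local root bypasses the mode bits
    bits = _class_bits(dir_mode, dir_uid, dir_gid, who)
    if bits & 3 != 3:  # needs write (2) and search (1) on the directory
        return False
    if dir_mode & stat.S_ISVTX:  # sticky bit: only file owner or dir owner
        return who.uid in (file_uid, dir_uid)
    return True

def may_unlink_path(path, who):
    """Apply the rule to a real file via lstat() on it and stat() on its parent."""
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    target = os.lstat(path)
    return may_unlink(parent.st_mode, parent.st_uid, parent.st_gid,
                      target.st_uid, who)

if __name__ == "__main__":
    # Constructed values mirroring the thread: root-owned test.txt (uid 0).
    chomwitt = Ident(1000, frozenset({1000}))
    print(may_unlink(0o755, 1000, 1000, 0, chomwitt))  # chomwitt owns the dir
    print(may_unlink(0o755, 0, 0, 0, chomwitt))        # root owns the dir
    print(may_unlink(0o1777, 0, 0, 0, chomwitt))       # sticky, /tmp-style dir
```

The three printed cases are: export directory owned by the user, directory owned by root, and a world-writable directory with the sticky bit set.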