The officially official Devuan Forum!

#1 Yesterday 14:18:51

chomwitt
Member
Registered: 2019-09-24
Posts: 161  

nfs4 no_root_squash strange behavior

According to $ man exports:

root_squash
Map requests from uid/gid 0 to the anonymous uid/gid. Note that this does not apply to any other uids or gids that might be equally sensitive such as user bin or group staff.
no_root_squash
Turn off root squashing. This option is mainly useful for diskless clients.

And assuming my server /etc/exports is:
/home/chomwitt/NFSExport     192.168.2.44(rw,sync,no_subtree_check,no_root_squash)

It happens that a client/root user can create a file in the NFS share.
(root@client-~/importedshare) # touch test.txt

And in the client we will indeed see that a file was created:
(chomwtt@server-~/exportedshare) # ls
-rw-r--r--  1 root     root             0 Jun 27 17:01  test.txt

Now logically chomwitt@server should not be able to delete that test.txt. But I can.

Is that a bug?

Last edited by chomwitt (Yesterday 14:26:14)


Devuan(Chimaera)(Daedalus)  DS+WM: XorgX11server+StumpVM

#2 Yesterday 16:22:04

chris2be8
Member
Registered: 2018-08-11
Posts: 327  

Re: nfs4 no_root_squash strange behavior

Try ls -ld ~/exportedshare on server. If the chomwitt account has write access to the directory it will be able to delete files in it even if it can't do anything else to them. This is one of the non-intuitive quirks of how UNIX file permissions work.

You could prevent it with chattr +i test.txt if you really needed to.

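The rule described in the reply above, as an added example that is not part of any post in this thread: a small Python model of the permission check for deleting a file, which looks only at the containing directory (plus the sticky bit) and never at the file's own mode. The uid/gid numbers and the assumption that chomwitt owns the exported directory with mode 0755 are constructed for illustration; ACLs and the immutable flag set by chattr +i are not modelled.

```python
import stat

def dir_class_bits(uid, gids, d_mode, d_uid, d_gid):
    """rwx bits of the single class that applies: owner, else group, else other."""
    if uid == d_uid:
        return (d_mode >> 6) & 0o7
    if d_gid in gids:
        return (d_mode >> 3) & 0o7
    return d_mode & 0o7

def may_unlink(uid, gids, d_mode, d_uid, d_gid, f_uid):
    """Model of the discretionary check for unlink(); the file's mode is never used."""
    if uid == 0:
        return True                      # local root bypasses the checks below
    # Removing a directory entry needs write (2) and search (1) on the directory.
    if dir_class_bits(uid, gids, d_mode, d_uid, d_gid) & 0o3 != 0o3:
        return False
    # Sticky directory: only the file's owner or the directory's owner may delete.
    if d_mode & stat.S_ISVTX:
        return uid in (f_uid, d_uid)
    return True

# Constructed identities (assumptions, not taken from the thread).
ROOT, CHOMWITT, OTHER = 0, 1000, 1001

def scenarios():
    return {
        # The thread's case: root-owned file in a directory chomwitt owns.
        "owner of 0755 dir, root's file": may_unlink(CHOMWITT, {1000}, 0o755, CHOMWITT, 1000, ROOT),
        # Sticky bit does not stop the directory owner.
        "owner of 1755 dir, root's file": may_unlink(CHOMWITT, {1000}, 0o1755, CHOMWITT, 1000, ROOT),
        # Sticky bit does stop an unrelated user in a world-writable directory.
        "other user, 1777 dir, root's file": may_unlink(OTHER, {1001}, 0o1777, CHOMWITT, 1000, ROOT),
        # Same directory without the sticky bit: anyone can delete anything.
        "other user, 0777 dir, root's file": may_unlink(OTHER, {1001}, 0o777, CHOMWITT, 1000, ROOT),
        # Directory owned by root, 0755: chomwitt falls in "other" and lacks write.
        "non-owner of root's 0755 dir": may_unlink(CHOMWITT, {1000}, 0o755, ROOT, 0, ROOT),
        # First matching class wins: owner bits r-x apply even though "other" is rwx.
        "owner of 0577 dir": may_unlink(CHOMWITT, {1000}, 0o577, CHOMWITT, 1000, ROOT),
    }

if __name__ == "__main__":
    for name, allowed in scenarios().items():
        print(f"{'ALLOW' if allowed else 'DENY ':5}  {name}")
```

If chomwitt owns the exported directory, the sticky bit alone would not protect root's file from chomwitt; the directory would have to be owned by a different account (or the file made immutable on the server).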

#3 Yesterday 20:15:43

chomwitt
Member
Registered: 2019-09-24
Posts: 161  

Re: nfs4 no_root_squash strange behavior

(root@client-~/importedshare)$ chattr +i test.txt
chattr: Operation not supported while reading flags on test.txt

But I changed 'test.txt's attribute in the server.

Thanks for reminding me that UNIX 'quirk'.


Devuan(Chimaera)(Daedalus)  DS+WM: XorgX11server+StumpVM
