NFSv4 mount point does not allow binary files to run when permissions are set only to execute
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Linux |
Fix Released
|
Medium
|
|||
linux (Ubuntu) |
Fix Released
|
Medium
|
Chris J Arges | ||
Lucid |
Fix Released
|
Undecided
|
Chris J Arges | ||
Maverick |
Invalid
|
Undecided
|
Unassigned | ||
Natty |
Fix Released
|
Undecided
|
Chris J Arges | ||
Oneiric |
Fix Released
|
Undecided
|
Unassigned | ||
Precise |
Fix Released
|
Medium
|
Chris J Arges |
Bug Description
Affected releases:
- Lucid, Natty when running NFSv4
One cannot run binary files when permissions are set to ---x--x--x on systems running NFSv4.
Expected behaviour:
- Allow binaries to run by just having --x (execute) permissions. This works when the mount point is created using NFSv3. According to the literature if it is a binary it makes an exec() call to the kernel therefore you don't need to have (read) permissions on the file.
PS: Scripts run as expected when they have the following r-x permissions. Since scripts have to pass by an interpreter ( perl, bash ) they do need to have (read and exec) permissions.
Steps to reproduce
1. Install nfs
2. configure /etc/export
/data/nfs *(rw,fsid=
3. Mount using nfsv4
sudo mount -t nfs4 -o proto=tcp,port=2049 localhost:/ /mnt
4. cd /mnt
ls -la a.out script.sh
---x--x--x 1 ubuntu ubuntu 8461 2011-08-24 17:59 a.out
---x--x--x 1 ubuntu ubuntu 27 2011-08-24 17:58 script.sh
5. running binary and script
ubuntu@
-bash: ./a.out: Permission denied
ubuntu@
-bash: ./script.sh: Permission denied
ubuntu@
/dev/sda1 on / type ext3 (rw)
proc on /proc type proc (rw,noexec,
none on /sys type sysfs (rw,noexec,
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/
none on /dev type devtmpfs (rw,mode=0755)
none on /dev/pts type devpts (rw,noexec,
none on /dev/shm type tmpfs (rw,nosuid,nodev)
none on /var/run type tmpfs (rw,nosuid,
none on /var/lock type tmpfs (rw,noexec,
none on /lib/init/rw type tmpfs (rw,nosuid,
nfsd on /proc/fs/nfsd type nfsd (rw)
rpc_pipefs on /var/lib/
localhost:/ on /mnt type nfs4 (rw,proto=
==
When running nfsv3
1. sudo mount -t nfs -o vers=3 localhost:/data/nfs /mnt
2. testing again
ubuntu@
Hello Ubuntu!
ubuntu@
/bin/bash: ./script.sh: Permission denied
ubuntu@
ubuntu@
/dev/sda1 on / type ext3 (rw)
proc on /proc type proc (rw,noexec,
none on /sys type sysfs (rw,noexec,
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/
none on /dev type devtmpfs (rw,mode=0755)
none on /dev/pts type devpts (rw,noexec,
none on /dev/shm type tmpfs (rw,nosuid,nodev)
none on /var/run type tmpfs (rw,nosuid,
none on /var/lock type tmpfs (rw,noexec,
none on /lib/init/rw type tmpfs (rw,nosuid,
nfsd on /proc/fs/nfsd type nfsd (rw)
rpc_pipefs on /var/lib/
localhost:/data/nfs on /mnt type nfs (rw,vers=
---
AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.23.
AplayDevices: Error: [Errno 2] No such file or directory
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/by-path', '/dev/snd/
CRDA: Error: [Errno 2] No such file or directory
Card0.Amixer.info: Error: [Errno 2] No such file or directory
Card0.Amixer.
CurrentDmesg:
[ 3.585529] NFSD: Using /var/lib/
[ 3.585840] NFSD: starting 90-second grace period
[ 13.220124] eth0: no IPv6 routers present
DistroRelease: Ubuntu 11.04
HibernationDevice: RESUME=
IwConfig:
lo no wireless extensions.
eth0 no wireless extensions.
Lsusb: Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
MachineType: Bochs Bochs
Package: linux (not installed)
ProcEnviron:
LANGUAGE=en_US:
LANG=en_US
SHELL=/bin/bash
ProcKernelCmdLine: BOOT_IMAGE=
ProcVersionSign
RelatedPackageV
linux-
linux-
linux-firmware 1.52
RfKill:
Tags: natty
Uname: Linux 2.6.38-10-server x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare
dmi.bios.date: 01/01/2007
dmi.bios.vendor: Bochs
dmi.bios.version: Bochs
dmi.chassis.type: 1
dmi.chassis.vendor: Bochs
dmi.modalias: dmi:bvnBochs:
dmi.product.name: Bochs
dmi.sys.vendor: Bochs
Changed in linux (Ubuntu): | |
assignee: | nobody → Canonical Kernel Team (canonical-kernel-team) |
status: | Incomplete → Triaged |
Changed in linux (Ubuntu): | |
importance: | Undecided → Medium |
tags: | added: patch |
Changed in linux (Ubuntu): | |
assignee: | Canonical Kernel Team (canonical-kernel-team) → Chris J Arges (christopherarges) |
Changed in linux (Ubuntu): | |
status: | Triaged → In Progress |
Changed in linux (Ubuntu): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Natty): | |
status: | New → Fix Committed |
Changed in linux (Ubuntu Lucid): | |
status: | New → Fix Committed |
tags: |
added: verification-done-lucid removed: verification-needed-lucid |
Changed in linux: | |
importance: | Unknown → Medium |
status: | Unknown → Confirmed |
Changed in linux: | |
status: | Confirmed → Fix Released |
I've opened an upstream bug as well.
https:/ /bugzilla. linux-nfs. org/show_ bug.cgi? id=201
Leonardo