Root on a client is allowed to list the directory contents, even if the mode of the directory is 711. Directory is NFS-mounted using NFS vers.2.

Fix: Don't know. I also have 2 Linux clients mounting directories from the same server. root on one of them has access to restricted directories, on the other it has no access (kernels have different versions). I'll be happy to provide tcpdump output of NFS packets and any other additional information.

How-To-Repeat:

galileo: BSD NFS server
galois: NFS client (solaris 7)

On galileo:

    $ ls -ld /export/4/magma
    drwx--x--x 7 magma math 512 Nov 1 15:36 /export/4/magma/

On galois:

    # mount -o vers=2 galileo:/export/4 /mnt
    # ls /mnt/magma
    LAB_HOME/ Magma2.3/ Magma2.6/ public_html@ Magma2.2/ Magma2.4/ Mailbox
    # umount /mnt
    # mount -o vers=3 galileo:/export/4 /mnt
    # ls /mnt/magma
    /mnt/magma: Permission denied

NFS version 3 mount produces expected results. With NFS v.2 root is allowed to access directory.

State Changed From-To: open->feedback
Does this problem still occur in newer versions of FreeBSD, such as 4.3-RELEASE?
Adding to Audit-Trail.

On Sat, Jul 21, 2001 at 09:59:54AM -0500, Vladimir V. Egorin wrote:
> On Fri, Jul 20, 2001 at 07:32:47PM -0700, mike@FreeBSD.org wrote:
> > Synopsis: root has access to NFS mounted directories with maproot=nobody
> >
> > State-Changed-From-To: open->feedback
> > State-Changed-By: mike
> > State-Changed-When: Fri Jul 20 19:32:27 PDT 2001
> > State-Changed-Why:
> >
> > Does this problem still occur in newer versions of FreeBSD,
> > such as 4.3-RELEASE?
> >
> > http://www.FreeBSD.org/cgi/query-pr.cgi?pr=14712
>
> The problem is still there:
>
> On the NFS server:
> # ls -ld /var/test
> drwx--x--x 2 root wheel 512 Jul 21 09:55 /var/test
> # touch /var/test/file
>
> On the NFS server:
> /var is shared: (/etc/exports)
> /var -maproot=nobody
>
> On the client:
>
> # mount -o vers=3 hopper:/var /mnt
> # ls /mnt/test
> /mnt/test: Permission denied
>
> # umount /mnt
> # mount -o vers=2 hopper:/var /mnt
> # ls /mnt/test
> file
>
> Please let me know if you need any debugging help.
> --
> Vladimir

Adding to Audit-Trail.

On Sat, Jul 21, 2001 at 10:02:23AM -0500, Vladimir V. Egorin wrote:
> Forgot to add: the system (NFS server) is running
> 4.3-STABLE (cvsup'ed on Jun 5).
>
> --
> Vladimir

Responsible Changed From-To: freebsd-bugs->iedowse
Sending PR to Ian Dowse <iedowse@FreeBSD.org>. Ian, I'm hoping you'll be able to solve this longstanding problem with NFS.
State Changed From-To: feedback->analyzed
Originator's comments are in the Audit-Trail.
State Changed From-To: analyzed->feedback
Hello, is NFSv2 still in use?
Responsible Changed From-To: iedowse->remko
Grab the PR to get feedback. I noticed the behaviour is still there, probably because of lacking information in v2 (which is there in v3 and later).
State Changed From-To: feedback->closed
Feedback timeout.