Re: [PATCH] private mounts

From: Bryan Henderson
Date: Thu Apr 28 2005 - 17:43:45 EST


>Root squashing is there to enforce the policy that nobody gets to access
>any files with uid=0,gid=0. IOW it is a policy that is first and
>foremost meant to make root-owned files untouchable.

That's the only thing it does well, but you'd have to convince me that
that's what it was designed for and that's what everyone expects out of
it. The most salient effect of root squashing -- the one that takes
people by surprise -- is that it removes the special rights an NFS server
otherwise accords to uid 0. If protecting files owned by uid=0, gid=0
were the original design goal, the protocol could have been designed to do
that while still giving uid 0 access to everybody else's files.

>>a process with CAP_DAC_OVERRIDE can get EACCES. ... Whine, whine...
>Tough.

This is actually off-topic. We're not talking about whether root
squashing is a good compromise. We started with the statement that the
only existing thing like (some private mount proposal) is NFS root
squashing and the statement that some people consider that broken. That
elicited a response from you that suggested you were unaware there was
anything not to like about root squashing ("Really?") and then some
descriptions of the objections. The fact is that negative perceptions of
root squashing exist. I know you know that. There are respectable
technical people who don't agree with the compromise. So if one is
looking for a broadly acceptable design of private mounts, one might want
to find one that doesn't use NFS root squashing as its precedent.

--
Bryan Henderson IBM Almaden Research Center
San Jose CA Filesystems

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/