[illumos-Developer] NFSv4 exclusive open breaks ACL's

Garrett D'Amore garrett at nexenta.com
Tue Jul 19 00:38:57 PDT 2011 

Without committing to a schedule, let me say *yes* it is under active development, with availability anticipated "soon".  It is quite possible that this will deliver in a NexentaStor product *before* illumos however.  (The barriers to integration in illumos are by design higher, and there are sound business reasons why it might be a good idea not to release source for a product before the actual product is made commercially available. :-)

  -- Garrett D'Amore

On Jul 18, 2011, at 7:16 PM, "Paul B. Henson" <henson at acm.org> wrote:

> The current implementation of exclusive open under NFS is somewhat broken in regards to ACLs; the initial create does not specify a mode, the mode is specified after the creation in a separate setattr. Unfortunately, this results in the initial creation without a mode inheriting the correct ACL, and the subsequent setattr effectively breaking it like a chmod :(.
> 
> This has been known about for a *long* time, Sun CR#6215088 was opened in 2005 describing the issue with UFS ACL's, but it has never been fixed. A new operation is in the NFSv4.1 spec which allows specifying attributes during an exclusive open (why didn't they fix this in NFSv4? The problem already existed <sigh>) and will resolve this, once NFSv4.1 is generally available.
> 
> It seems in theory a workaround should be able to be implemented for NFSv4 on the server side. If the server can correlate the initial exclusive open call with the subsequent setattr, in the case where the file inherited an ACL, it can simply ignore the setattr, allowing the file to correctly maintain the original inherited ACL. I must confess I don't currently know enough about solaris nfs server internals to know how difficult it would be to get reality to line up with theory ;). I had an open SR for a while with Oracle and tried to engage in a technical discussion, but never got close enough to an actual engineer to be able to do so :(.
> 
> What is the prognosis for NFSv4.1 support in illumos? Oracle closed my support ticket with the resolution of "fixed by NFSv4.1" but refused to estimate when that fix might actually be available in Solaris. I don't know what if any NFSv4.1 source code was in OpenSolaris before Oracle locked down releasing it. Presumably at some point Nexenta intends to have it available, but I don't know what priority is placed on it or if there's any active development underway.
> 
> As far as NFSv4, are there any solaris nfs server experts around that might be able to comment on the feasibility of some kind of server workaround to keep exclusive open from horribly breaking ACL's? Personally, I consider this a serious security issue, as a file which should be been locked down tight based on the configured inherited ACL might well end up world readable 8-/, but Oracle didn't buy that...
> 
> Thanks...
> 
> 
> -- 
> Paul B. Henson  |  (909) 979-6361  |  http://www.csupomona.edu/~henson/
> Operating Systems and Network Analyst  |  henson at csupomona.edu
> California State Polytechnic University  |  Pomona CA 91768
> 
> _______________________________________________
> Developer mailing list
> Developer at lists.illumos.org
> http://lists.illumos.org/m/listinfo/developer

More information about the Developer mailing list