[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Strange permissions behavoir on NFS mount...

Wondering if anyone can explain sort of odd behavoir I noted tonight on
an nfs share.

The setup: I have mounted an exported nfs share from my server onto my
/home directory on my workstation (mount -t nfs nfs:/home /home). On the
server machine (nfs), /home is exported with root_squash, so I would
expect that as root on the workstation, I would NOT have access to ANY
of the contents of this share.

Here's what is actually happening, though. Assume there are two users,
userA and userB, both with directories in /home on the nfs server:

permissions		directory
drwx------		userA
drwx------		userB

When you look at the /home from the workstation, you see exactly the
same directories and permissions, as expected.

Now, suppose I log in as userA, and attempt to look in /home/userA and
/home/userB. As expected, I can look into /home/userA, but NOT into

Now, I su to root. As root, I can STILL look into /home/userA but NOT
into /home/userB. Strange. Interestingly, if I look at two subdirs in
/user/userA at this point, dir A and dir B, with the following

permissions		directory
drwxr-xr-x		A
drwx------		B

after su'ing from userA to root I can look into directory A but NOT into

Now, I su to userB, and things reverse: I can see into /home/userB but
not /home/userA, again as expected. If I again su to root starting as
userB, I can still see into userB but not userA.

I find this hard to sort out. It's as though, despite su'ing to root,
the NFS server is still getting the original uid, not root. But,
somehow, once I am into the dir (eg looking inside /home/userA), trying
to access a subdir no longer has that uid (because I can get into
/home/userA/A but NOT /home/userA/B after the su to root).

Does anyone understand this? What uid/gid is sent to the nfs server
after an su to root? Note, that I have checked the results of getuid(),
geteuid(), getgid(), getegid(), getresuid() and getresgid() as userA,
after su to root, and with sudo to run a program to output these values.
As userA, uid and gid are all userA as expected. As root, whether after
su or with sudo, uid/gid are all 0, so these values are what would be
expected...and not consistent with teh above results.

Any thoughts?

Reply to: