go-nfs not taking into account file permissions #17

Closed
mvazquezc opened this issue Feb 16, 2021 · 4 comments

@mvazquezc

Hey @willscott,

First of all, thank you for this awesome project.

I'm trying to containerize this project for my demos. I have it working but at this time it doesn't honor file permissions present on the filesystem.

On the readme you have this:

The billy abstraction layer does not extend to exposing uid and gid ownership of files. If ownership is important to your file system, you will need to ensure that the os.FileInfo meets additional constraints. In particular, the Sys() escape hatch is queried by this library, and if your file system populates a syscall.Stat_t concrete struct, the ownership specified in that object will be used.

I don't fully understand what you mean here, I believe my filesystem populates the uid and gid for every object, not sure what I'm doing wrong.

I'm using the example in example/osnfs

Thanks!

@willscott
Owner

Are you trying to have multiple users access the server, and translate the permissions of those users into the file access permissions? Do you mean that when you mount, you aren't seeing the expected unix permissions of files on the client?

@mvazquezc
Author

Having multiple users access the server is the use case. Every user will have their own uid,gid. At this point this is what I'm seeing:

The exported folder is owned by UID 5000, the nfs server is run by the UID 5000.

When I mount the share from another server, I do see the files and folder being owned by UID,GID 5000. Even if I don't have access to the file because my UID is 1000 and I don't have GID 5000 assigned to this user, I can read the file and even modify it.

This is what I see from user 1000 when it accesses the mount:

$ ls -l
total 1
-rw-rw----. 1 5000 5000  0 feb 16 17:10 dummy1

With this user I can read, create and update files. When new files are created they get created with UID and GID set to 5000. So my guess is that the nfs is receiving the creation order and instead of checking the permissions it goes ahead and creates the files with its own UID,GID combination.

So summarizing, I do see the unix permissions of files on the clients, but they're not honored.

@willscott
Owner

Authentication and permission of clients is not fully worked through on any of the example handlers, as my primary use case has been in single user systems.

When a user mounts the filesystem, the handler is able to check access of the mount and associate an effective user with the file system view returned.

Currently access for all demos is just using a NullAuthHandler which doesn't attempt to do any uid association between client and server UIDs.
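
Added example, not part of the original thread or the go-nfs code base: the kind of check a handler would have to make itself, reading the owner from the `Sys()` value the README mentions and applying the mode bits to the caller's uid and gids. `fakeInfo`, `allowed` and the two constants are hypothetical names, the sample file is constructed from the `dummy1` listing above, and a unix platform with no root override is assumed.

```go
package main

import (
	"fmt"
	"os"
	"syscall"
	"time"
)

// Access bits as they appear in each rwx triplet of a unix mode.
const (
	wantRead  = 4
	wantWrite = 2
)

// fakeInfo is a constructed os.FileInfo that carries ownership in Sys().
type fakeInfo struct {
	mode     os.FileMode
	uid, gid uint32
}

func (f fakeInfo) Name() string       { return "dummy1" }
func (f fakeInfo) Size() int64        { return 0 }
func (f fakeInfo) Mode() os.FileMode  { return f.mode }
func (f fakeInfo) ModTime() time.Time { return time.Time{} }
func (f fakeInfo) IsDir() bool        { return f.mode.IsDir() }
func (f fakeInfo) Sys() interface{}   { return &syscall.Stat_t{Uid: f.uid, Gid: f.gid} }

// allowed applies the owner, group or other triplet to the caller's credentials.
// It fails closed when Sys() does not expose ownership.
func allowed(fi os.FileInfo, uid uint32, gids []uint32, want uint32) bool {
	st, ok := fi.Sys().(*syscall.Stat_t)
	if !ok {
		return false
	}
	perm := uint32(fi.Mode().Perm())
	if uid == st.Uid {
		return (perm>>6)&want == want
	}
	for _, g := range gids {
		if g == st.Gid {
			return (perm>>3)&want == want
		}
	}
	return perm&want == want
}

func main() {
	f := fakeInfo{mode: 0660, uid: 5000, gid: 5000} // dummy1: -rw-rw---- 5000 5000
	fmt.Println(allowed(f, 1000, []uint32{1000}, wantRead))  // false
	fmt.Println(allowed(f, 5000, []uint32{5000}, wantWrite)) // true
}
```

The uid and gids an NFS client sends with AUTH_SYS are asserted by the client, so a check like this separates users only on clients the server operator trusts.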

@mvazquezc
Author

Okay, since this is expected I'm closing the issue.

Thanks.
