Re: more default uid/gid for NFS in mountd

From: Rick Macklem <rmacklem_at_uoguelph.ca>
Date: Sun, 14 May 2017 01:12:11 +0000
Slawa Olhovchenkov wrote:
>Rick Macklem wrote:
>> Hi,
>>
>> Five years ago (yea, it slipped through a crack;-), Slawa reported that files
>> created by root would end up owned by uid 2**32-2 (-2 as uint32_t).
>> This happens if there is no "-maproot=<user>" in the /etc/exports line.
>>
>> The cause is obvious. The value is set to -2 by default.
>>
>> The question is... Should this be changed to 65534 (ie "nobody")?
>> - It would seem more consistent to make it the uid of nobody, but I can also see
>>   the argument that since it has been like this *forever*, that changing it would be
>>   a POLA violation.
>> What do others think?
>
>IMHO uid 2**32-2 is POLA violation.
>Nobody expect this uid. Too much number. This is like bug.
This is what I have just committed. Thanks for the comments.

>> It is also the case that mountd.c doesn't look "nobody" up in the password database
>> to set the default. It would be nice to do this, but it could result in the mountd daemon
>> getting "stuck" during a boot waiting for an unresponsive LDAP service or similar.
>> Does doing this sound like a good idea?
>
>This is (stuck at boot) already do for case of using NIS and nfsuserd.
There is a difference here. nfsuserd mpas between uid/names, so it can't work
without the password database.
mountd can work without the password database, so I held off on doing this for now.

>I am regular see this for case of DNS failed at boot.
>You offer don't impair current behaviour.
As an aside, if you have the critical entries in the local files (/etc/hosts, /etc/passwd,
/etc/group) and then tell the libraries to search these first in /etc/nsswitch.conf, then
you usually avoid this problem.

Thanks for the comments, rick
Received on Sat May 13 2017 - 23:12:14 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:11 UTC