Network and Storage Protocols

NFS permissions

muhammad_i_pasha
6,333 Views

Basically trying to test\understand NFS permissions. Performed following

1- Exported a Unix style Qtree to a Linux host

2 - Created 2 users (A and B) on Linux. Both member of adm group on Linux

3 - Switched user to A and created a directory (A_dir). Changed permission of directory to 700 (only owner has permissions)

4 - Switched user to B and tried moving\reading to directory (A_dir). Got permissions denied which makes sense as user B don't have permissions

5 - Then tried deleting directory and deleted successfully although user B don't have permissions.

Any idea what is reason of this behavior? There is no LDAP and NIS configured so don't know how filer handles users A and B from Linux host. How can I find that?

6 REPLIES 6

baijulal
6,333 Views

Ttr information from below like helps to troubleshoot

https://kb.netapp.com/support/index?page=content&id=1011734

billshaffer
6,333 Views

The posted link covers ntfs security qtrees/volumes and does not apply to you.

The parent directory (where A_dir is) is writable by user B.  When you were trying to do stuff in A_dir, you couldn't because A_dir's permissions were too restrictive.  Removing the directory is an operation in the parent directory, not the directory you're trying to remove, so the parent directories permissions govern.  A bit goofy, yes....

Bill

muhammad_i_pasha
6,333 Views

Thanks for reply.

Deletion without permission only happens when you perform above step on a directory on filer (mount). If you perform above steps for a directoy on Linux server, permissions works fine (i.e. you are not able to delete dir for which you don't have permissions) even though parent directory has permissions for all users.

billshaffer
6,333 Views

That is interesting.  On my Redhat 5.5 boxes I can remove dirs without permissions, as long as I have permissions to the parent dir.  What OS are you running?  I'm assuming no sticky bits, no extended file attributes, and so selinux?  Also assuming none of your test users are root?

muhammad_i_pasha
6,333 Views

Version: EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
Both users A and B are member of Linux adm grop. Parent directory is owned by root and has permissions for other users.

billshaffer
6,333 Views

Not sure what to tell you.  I see the behavior I've described in Solaris 10 and Ubuntu as well.  This is how I understand it should be.

Bill

Public