Ubuntu
linux package

  1. Bug #833300
  2. Comment #0

Comment 0 for bug 833300

Revision history for this message
Leonardo Borda (lborda) wrote :

Affected releases:
- Lucid, Natty when running NFSv4

One cannot run binary files when permissions are set to ---x--x--x on systems running NFSv4.

Expected behaviour:
- Allow binaries to run by just having --x (execute) permissions. This works when the mount point is created using NFSv3. According to the literature if it is a binary it makes an exec() call to the kernel therefore you don't need to have (read) permissions on the file.

PS: Scripts run as expected when they have the following r-x permissions. Since scripts have to pass by an interpreter ( perl, bash ) they do need to have (read and exec) permissions.

Steps to reproduce

1. Install nfs
2. configure /etc/export
/data/nfs *(rw,fsid=0,sync,no_subtree_check)
3. Mount using nfsv4
sudo mount -t nfs4 -o proto=tcp,port=2049 localhost:/ /mnt

4. cd /mnt
ls -la a.out script.sh
---x--x--x 1 ubuntu ubuntu 8461 2011-08-24 17:59 a.out
---x--x--x 1 ubuntu ubuntu 27 2011-08-24 17:58 script.sh
5. running binary and script
ubuntu@ip-10-194-34-180:/mnt$ ./a.out
-bash: ./a.out: Permission denied
ubuntu@ip-10-194-34-180:/mnt$ ./script.sh
-bash: ./script.sh: Permission denied

ubuntu@ip-10-194-34-180:/mnt$ mount -v
/dev/sda1 on / type ext3 (rw)
proc on /proc type proc (rw,noexec,nosuid,nodev)
none on /sys type sysfs (rw,noexec,nosuid,nodev)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
none on /dev type devtmpfs (rw,mode=0755)
none on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
none on /dev/shm type tmpfs (rw,nosuid,nodev)
none on /var/run type tmpfs (rw,nosuid,mode=0755)
none on /var/lock type tmpfs (rw,noexec,nosuid,nodev)
none on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
nfsd on /proc/fs/nfsd type nfsd (rw)
rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
localhost:/ on /mnt type nfs4 (rw,proto=tcp,port=2049,clientaddr=127.0.0.1,addr=127.0.0.1)

==
When running nfsv3
1. sudo mount -t nfs -o vers=3 localhost:/data/nfs /mnt

2. testing again
ubuntu@ip-10-194-34-180:/mnt$ ./a.out
Hello Ubuntu!
ubuntu@ip-10-194-34-180:/mnt$ ./script.sh
/bin/bash: ./script.sh: Permission denied
ubuntu@ip-10-194-34-180:/mnt$

ubuntu@ip-10-194-34-180:~$ mount -v
/dev/sda1 on / type ext3 (rw)
proc on /proc type proc (rw,noexec,nosuid,nodev)
none on /sys type sysfs (rw,noexec,nosuid,nodev)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
none on /dev type devtmpfs (rw,mode=0755)
none on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
none on /dev/shm type tmpfs (rw,nosuid,nodev)
none on /var/run type tmpfs (rw,nosuid,mode=0755)
none on /var/lock type tmpfs (rw,noexec,nosuid,nodev)
none on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
nfsd on /proc/fs/nfsd type nfsd (rw)
rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
localhost:/data/nfs on /mnt type nfs (rw,vers=3,addr=127.0.0.1)