Urgent help regarding NFS access control - NFS

This is a discussion on Urgent help regarding NFS access control - NFS ; Hello, I am running NFSv3 server on freeBSD and I need to perform some *urgent* modifications in the access control mechanisms on the server (the way permission bits are checked on the server side). I am new to NFS and ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Urgent help regarding NFS access control

  1. Urgent help regarding NFS access control

    Hello,

    I am running NFSv3 server on freeBSD and I need to perform some
    *urgent* modifications in the access control mechanisms on the server
    (the way permission bits are checked on the server side).

    I am new to NFS and kernel level programming. I am trying to figure out
    which layer I need to modify (i.e., where is the actual function that
    performs the access control check located).

    In particular, I have following questions:

    - Does NFS server daemon actually perform access control checks or does
    it leave this to the underlying filesystem (such as calling some
    function of ext3)? How about VFS? I was under the impression that NFS
    and VFS leave this to the underlying filesystem but I got confused
    after reading some online documents.

    - In general, which code base do I need to modify (for access checks)
    ext3 or VFS or NFS?

    Any help will be greatly appreciated.

    Thanks.


  2. Re: Urgent help regarding NFS access control


    fantoosh wrote:
    > In particular, I have following questions:
    >
    > - Does NFS server daemon actually perform access control checks or

    does
    > it leave this to the underlying filesystem (such as calling some
    > function of ext3)? How about VFS? I was under the impression that NFS
    > and VFS leave this to the underlying filesystem but I got confused
    > after reading some online documents.
    >
    > - In general, which code base do I need to modify (for access checks)
    > ext3 or VFS or NFS?
    >

    In the NFS server sources, you'll find a function called
    nfsrv_access(), which
    applies some basic access checking, prior to doing the VOP_xxx calls.
    The local
    file system code /usr/src/sys/ufs/... may also apply additional access
    checking.

    So, basically, the answer is both the NFS server and the local file
    system below
    the VFS calls, rick


  3. Re: Urgent help regarding NFS access control


    fantoosh wrote:
    > In particular, I have following questions:
    >
    > - Does NFS server daemon actually perform access control checks or

    does
    > it leave this to the underlying filesystem (such as calling some
    > function of ext3)? How about VFS? I was under the impression that NFS
    > and VFS leave this to the underlying filesystem but I got confused
    > after reading some online documents.
    >
    > - In general, which code base do I need to modify (for access checks)
    > ext3 or VFS or NFS?
    >

    In the NFS server sources, you'll find a function called
    nfsrv_access(), which
    applies some basic access checking, prior to doing the VOP_xxx calls.
    The local
    file system code /usr/src/sys/ufs/... may also apply additional access
    checking.

    So, basically, the answer is both the NFS server and the local file
    system below
    the VFS calls, rick


  4. Re: Urgent help regarding NFS access control


    fantoosh wrote:
    > In particular, I have following questions:
    >
    > - Does NFS server daemon actually perform access control checks or

    does
    > it leave this to the underlying filesystem (such as calling some
    > function of ext3)? How about VFS? I was under the impression that NFS
    > and VFS leave this to the underlying filesystem but I got confused
    > after reading some online documents.
    >
    > - In general, which code base do I need to modify (for access checks)
    > ext3 or VFS or NFS?
    >

    In the NFS server sources, you'll find a function called
    nfsrv_access(), which
    applies some basic access checking, prior to doing the VOP_xxx calls.
    The local
    file system code /usr/src/sys/ufs/... may also apply additional access
    checking.

    So, basically, the answer is both the NFS server and the local file
    system below
    the VFS calls, rick


+ Reply to Thread