Commit 22cf8419 authored by J. Bruce Fields's avatar J. Bruce Fields

nfsd: apply umask on fs without ACL support

The server is failing to apply the umask when creating new objects on
filesystems without ACL support.

To reproduce this, you need to use NFSv4.2 and a client and server
recent enough to support umask, and you need to export a filesystem that
lacks ACL support (for example, ext4 with the "noacl" mount option).

Filesystems with ACL support are expected to take care of the umask
themselves (usually by calling posix_acl_create).

For filesystems without ACL support, this is up to the caller of
vfs_create(), vfs_mknod(), or vfs_mkdir().
Reported-by: default avatarElliott Mitchell <ehem+debian@m5p.com>
Reported-by: default avatarSalvatore Bonaccorso <carnil@debian.org>
Tested-by: default avatarSalvatore Bonaccorso <carnil@debian.org>
Fixes: 47057abd ("nfsd: add support for the umask attribute")
Cc: stable@vger.kernel.org
Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
parent b3a9e3b9
...@@ -1226,6 +1226,9 @@ nfsd_create_locked(struct svc_rqst *rqstp, struct svc_fh *fhp, ...@@ -1226,6 +1226,9 @@ nfsd_create_locked(struct svc_rqst *rqstp, struct svc_fh *fhp,
iap->ia_mode = 0; iap->ia_mode = 0;
iap->ia_mode = (iap->ia_mode & S_IALLUGO) | type; iap->ia_mode = (iap->ia_mode & S_IALLUGO) | type;
if (!IS_POSIXACL(dirp))
iap->ia_mode &= ~current_umask();
err = 0; err = 0;
host_err = 0; host_err = 0;
switch (type) { switch (type) {
...@@ -1458,6 +1461,9 @@ do_nfsd_create(struct svc_rqst *rqstp, struct svc_fh *fhp, ...@@ -1458,6 +1461,9 @@ do_nfsd_create(struct svc_rqst *rqstp, struct svc_fh *fhp,
goto out; goto out;
} }
if (!IS_POSIXACL(dirp))
iap->ia_mode &= ~current_umask();
host_err = vfs_create(dirp, dchild, iap->ia_mode, true); host_err = vfs_create(dirp, dchild, iap->ia_mode, true);
if (host_err < 0) { if (host_err < 0) {
fh_drop_write(fhp); fh_drop_write(fhp);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment