APPLIED[L]: [SRU][Kinetic][Lunar][PATCH 0/3] NFS: client permission error after adding user to permissible group

Stefan Bader stefan.bader at canonical.com
Tue Feb 7 10:21:57 UTC 2023 

On 07.02.23 11:18, Chengen Du wrote:
> Hi Andrea,
> 
> I noticed that the patch does not be applied to kinetic.
> May I ask if is there any concern?

It IS applied to Kinetic. Separate reply.

-Stefan

> 
> Best regards,
> Chengen Du
> 
> On Tue, Jan 31, 2023 at 7:29 AM Andrea Righi <andrea.righi at canonical.com> wrote:
>>
>> On Sat, Jan 21, 2023 at 10:25:46PM +0800, Chengen Du wrote:
>>> [Impact]
>>> The NFS client's access cache becomes stale due to the user's group membership changing on the server after the user has already logged in on the client.
>>> The access cache only expires if either NFS_INO_INVALID_ACCESS flag is on or timeout (without delegation).
>>> Adding a user to a group in the NFS server will not cause any file attributes to change.
>>> The client will encounter permission errors until other file attributes are changed or the memory cache is dropped.
>>>
>>> [Fix]
>>> The access cache shall be cleared once the user logs out and logs back in again.
>>>
>>> 0eb43812c0270ee3d005ff32f91f7d0a6c4943af NFS: Clear the file access cache upon login
>>> 029085b8949f5d269ae2bbd14915407dd0c7f902 NFS: Judge the file access cache's timestamp in rcu path
>>> 5e9a7b9c2ea18551759833146a181b14835bfe39 NFS: Fix up a sparse warning
>>>
>>> [Test Plan]
>>> 1.[client side] testuser is not part of testgroup
>>>    testuser at kinetic:~$ ls -ld /mnt/private/
>>>    drwxrwx--- 2 root testgroup 4096 Nov 24 08:23 /mnt/private/
>>>    testuser at kinetic:~$ mktemp -p /mnt/private/
>>>    mktemp: failed to create file via template
>>>    ‘/mnt/private/tmp.XXXXXXXXXX’: Permission denied
>>> 2.[server side] add testuser into testgroup, which has access to folder
>>>    root at kinetic:~$ usermod -aG testgroup testuser &&
>>>    echo `date +'%s'` > /proc/net/rpc/auth.unix.gid/flush
>>> 3.[client side] create a file again but still fail
>>>    testuser at kinetic:~$ mktemp -p /mnt/private/
>>>    mktemp: failed to create file via template
>>>    ‘/mnt/private/tmp.XXXXXXXXXX’: Permission denied
>>>
>>> [Where problems could occur]
>>> The fix will apply upstream commits, so the regression can be considered as low.
>>
>> Applied to lunar/linux (linux-unstable already has these patches).
>>
>> Thanks,
>> -Andrea
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230207/edd656d4/attachment-0001.sig>

More information about the kernel-team mailing list