ACK/CMNT: [SRU][Focal][PATCH 0/3] NFS: client permission error after adding user to permissible group

Luke Nowakowski-Krijger luke.nowakowskikrijger at canonical.com
Fri Jan 27 19:31:36 UTC 2023 

Same comments as the Bionic thread

Acked-by: Luke Nowakowski-Krijger <luke.nowakowskikrijger at canonical.com>

On Wed, Jan 18, 2023 at 6:57 AM Chengen Du <chengen.du at canonical.com> wrote:

> From: root <chengen.du at canonical.com>
>
> [Impact]
> The NFS client's access cache becomes stale due to the user's group
> membership changing on the server after the user has already logged in on
> the client.
> The access cache only expires if either NFS_INO_INVALID_ACCESS flag is on
> or timeout (without delegation).
> Adding a user to a group in the NFS server will not cause any file
> attributes to change.
> The client will encounter permission errors until other file attributes
> are changed or the memory cache is dropped.
>
> [Fix]
> The access cache shall be cleared once the user logs out and logs back in
> again.
>
> 0eb43812c0270ee3d005ff32f91f7d0a6c4943af NFS: Clear the file access cache
> upon login
> 029085b8949f5d269ae2bbd14915407dd0c7f902 NFS: Judge the file access
> cache's timestamp in rcu path
> 5e9a7b9c2ea18551759833146a181b14835bfe39 NFS: Fix up a sparse warning
>
> [Test Plan]
> 1.[client side] testuser is not part of testgroup
>   testuser at kinetic:~$ ls -ld /mnt/private/
>   drwxrwx--- 2 root testgroup 4096 Nov 24 08:23 /mnt/private/
>   testuser at kinetic:~$ mktemp -p /mnt/private/
>   mktemp: failed to create file via template
>   ‘/mnt/private/tmp.XXXXXXXXXX’: Permission denied
> 2.[server side] add testuser into testgroup, which has access to folder
>   root at kinetic:~$ usermod -aG testgroup testuser &&
>   echo `date +'%s'` > /proc/net/rpc/auth.unix.gid/flush
> 3.[client side] create a file again but still fail
>   testuser at kinetic:~$ mktemp -p /mnt/private/
>   mktemp: failed to create file via template
>   ‘/mnt/private/tmp.XXXXXXXXXX’: Permission denied
>
> [Where problems could occur]
> The fix will apply upstream commits, so the regression can be considered
> as low.
>
> Chengen Du (1):
>   (upstream) NFS: Judge the file access cache's timestamp in rcu path
>
> Trond Myklebust (2):
>   (upstream) NFS: Clear the file access cache upon login
>   (uptream) NFS: Fix up a sparse warning
>
>  fs/nfs/dir.c           | 28 ++++++++++++++++++++++++++++
>  include/linux/nfs_fs.h |  1 +
>  2 files changed, 29 insertions(+)
>
> --
> 2.25.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230127/dcb6910b/attachment.html>

More information about the kernel-team mailing list