[fedfs-utils] [PATCH 3/8] libjunction: Clear mode bits when creating a junction

Chuck Lever chuck.lever at oracle.com
Mon Sep 19 15:42:14 PDT 2011 

Because NFSD has to examine each directory in a path when doing
pathname resolution, the test to see if a directory is a junction must
be very efficient.  Retrieving an inode's extended attributes is not
fast, so we use a special combination of mode bits to signal that it's
going to be worth the expense of looking at the xattrs during pathname
resolution.

Up to this point, libjunction was simply setting the sticky bit on the
directory.  The sticky bit by itself is fairly common amongst
directories, however.  The original design was to clear the permission
bits as well, since zero permission with the sticky bit set is
nonsense, and also prevents local readers from seeing what's inside
the junction directory.

However, Trond's NFSD patch wasn't looking at the permission bits at
all.  So my libjunction implementation never bothered to clear a new
junction's permission bits.  Now that we are trying to merge the NFSD
patches upstream, we've discovered the omission.  The merged version
of these patches will consider the permission bits, therefore
libjunction must clear them when setting up a junction.

Signed-off-by: Chuck Lever <chuck.lever at oracle.com>
---

 src/libjunction/junction.c |    9 ++++++++-
 1 files changed, 8 insertions(+), 1 deletions(-)

diff --git a/src/libjunction/junction.c b/src/libjunction/junction.c
index f3ab14f..10fc5f2 100644
--- a/src/libjunction/junction.c
+++ b/src/libjunction/junction.c
@@ -155,6 +155,12 @@ fedfs_is_sticky_bit_set(int fd, const char *path)
 		return FEDFS_ERR_ACCESS;
 	}
 
+	if (stb.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) {
+		xlog(D_CALL, "%s: execute bit set on %s",
+				__func__, path);
+		return FEDFS_ERR_NOTJUNCT;
+	}
+
 	if (!(stb.st_mode & S_ISVTX)) {
 		xlog(D_CALL, "%s: sticky bit not set on %s",
 				__func__, path);
@@ -166,7 +172,7 @@ fedfs_is_sticky_bit_set(int fd, const char *path)
 }
 
 /**
- * Set a directory's sticky bit
+ * Set just a directory's sticky bit
  *
  * @param fd an open file descriptor
  * @param path NUL-terminated C string containing pathname of a directory
@@ -183,6 +189,7 @@ fedfs_set_sticky_bit(int fd, const char *path)
 		return FEDFS_ERR_ACCESS;
 	}
 
+	stb.st_mode &= ~ALLPERMS;
 	stb.st_mode |= S_ISVTX;
 
 	if (fchmod(fd, stb.st_mode) == -1) {

More information about the fedfs-utils-devel mailing list