From root@engg.ucalgary.ca  Thu Sep 26 15:49:54 1996
Received: from engg.ucalgary.ca (gw.engg.ucalgary.ca [136.159.96.112])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id PAA10279
          for <FreeBSD-gnats-submit@freebsd.org>; Thu, 26 Sep 1996 15:49:52 -0700 (PDT)
Received: from zeus.engg.ucalgary.ca by engg.ucalgary.ca (AIX 4.1/UCB 5.64/4.03)
          id AA17290; Thu, 26 Sep 1996 16:50:49 -0600
Received: by zeus.engg.ucalgary.ca (8.7.5/client-1.5)
	id QAA01603; Thu, 26 Sep 1996 16:49:47 -0600 (MDT)
Message-Id: <199609262249.QAA01603@zeus.engg.ucalgary.ca>
Date: Thu, 26 Sep 1996 16:49:47 -0600 (MDT)
From: root@engg.ucalgary.ca
Reply-To: gord@enci.ucalgary.ca
To: FreeBSD-gnats-submit@freebsd.org
Subject: inconsistent permission failures on NFS requests
X-Send-Pr-Version: 3.2

>Number:         1684
>Category:       kern
>Synopsis:       inconsistent permission failures on NFS requests
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Sep 26 15:50:01 PDT 1996
>Closed-Date:    Mon May 19 07:34:13 PDT 1997
>Last-Modified:  Mon May 19 07:35:00 PDT 1997
>Originator:     
>Release:        FreeBSD 2.1-STABLE i386
>Organization:
Engineering Undergraduate Studies, University of Calgary
>Environment:

FreeBSD c16.engg.ucalgary.ca 2.1.5-RELEASE
FreeBSD 2.1.5-RELEASE #1: Tue Aug 20 02:52:03 MDT 1996
root@zeus.engg.ucalgary.ca:/usr/src/sys/compile/DECPC
i386

c16 is an NFS client of gw.engg.ucalgary.ca, an AIX (4.1) NFS server.
gw:/user2 is exported to c16 read/write, with root accesses mapped to
the user ``nobody''.

>Description:

When a regular user attempts to print a file using lpr, the file only
prints if its contents are already in the cache.  Otherwise, the
attempt fails with:

lpr: FILENAME: empty input file

My theory is that since lpr is setuid to root, FreeBSD is requesting
the file as root, not as the user.  Then, gw denies the request,
because the user `nobody' doesn't have access to the file.

>How-To-Repeat:

Script started on Thu Sep 26 16:41:03 1996
c16:~$ mkdir lprtest
c16:~$ cd lprtest
c16:~/lprtest$ chmod 755 .
c16:~/lprtest$ cp /etc/passwd foo
c16:~/lprtest$ cp /etc/passwd bar
c16:~/lprtest$ ls -al
total 32
drwxr-xr-x   2 gord  develop   512 Sep 26 16:42 ./
drwxr-sr-x  16 gord  develop  2048 Sep 26 16:42 ../
-rw-------   1 gord  develop   575 Sep 26 16:42 bar
-rw-------   1 gord  develop   575 Sep 26 16:42 foo
c16:~/lprtest$ chmod a+r foo
c16:~/lprtest$ lpr foo
c16:~/lprtest$ lpr bar
lpr: bar: empty input file
c16:~/lprtest$ cat bar
root:*:0:0:Charlie &:/root:/bin/bash
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:31:Owner of many system processes:/root:
operator:*:2:20:System &:/usr/guest/operator:/bin/csh
bin:*:3:7:Binaries Commands and Source,,,:/:/nonexistent
games:*:7:13:Games pseudo-user:/usr/games:
news:*:8:8:News Subsystem:/:/nonexistent
man:*:9:9:Mister Man Pages:/usr/share/man:
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
xten:*:67:67:X-10 daemon:/usr/local/xten:/nonexistent
nobody:*:65534:65534:Unprivileged user:/nonexistent:/nonexistent
+:*:0:0:::
c16:~/lprtest$ lpr bar
c16:~/lprtest$ exit

Script done on Thu Sep 26 16:42:11 1996


>Fix:
	
I have not investigated the problem fully, but it seems that FreeBSD
should be modified to send NFS requests both as the real and effective
user IDs when they differ.  Ultrix 4.2 (!) has no problem with the
above sequence of commands.
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: dfr 
State-Changed-When: Mon May 19 07:34:13 PDT 1997 
State-Changed-Why:  
Fixed in rev 1.48 of sys/nfs/nfs_vnops.c. 
>Unformatted:
Gordon Matzigkeit
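
The report's theory is that a setuid-root lpr fetches the user's file as root, which the server maps to ``nobody''. The C example below is added here (it is not code from this PR, from lpr, or from the nfs_vnops.c fix) and shows how a setuid program can read a user-supplied file under the real uid and gid, so that every request carries the user's own credentials and a refusal is reported as an error instead of as an empty file. The helper name read_as_real_user is hypothetical, and the code assumes a system with saved set-user-ID semantics.

```c
/* Added example: not FreeBSD's lpr or NFS client code. */
#include <sys/types.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Read up to len bytes of path with the invoking user's ids (hypothetical
 * helper). Returns bytes read, or -1 with errno set (never a silent 0). */
ssize_t read_as_real_user(const char *path, void *buf, size_t len)
{
    uid_t euid = geteuid();
    gid_t egid = getegid();
    ssize_t n = -1;
    int fd, err;

    /* Drop the group first: once euid is no longer root, setegid() may fail. */
    if (setegid(getgid()) == -1)
        return -1;
    if (seteuid(getuid()) == -1) {
        err = errno;
        (void)setegid(egid);    /* euid is unchanged, so this is still allowed */
        errno = err;
        return -1;
    }

    /* Open and read while unprivileged, so each request is made as the user. */
    fd = open(path, O_RDONLY);
    if (fd != -1)
        n = read(fd, buf, len);
    err = errno;
    if (fd != -1)
        close(fd);

    /* Regain privilege in reverse order; never continue half-restored. */
    if (seteuid(euid) == -1 || setegid(egid) == -1)
        _exit(1);
    errno = err;
    return n;
}

int main(int argc, char **argv)
{
    char buf[512];
    ssize_t n = read_as_real_user(argc > 1 ? argv[1] : "/etc/passwd", buf, sizeof buf);
    if (n == -1) { perror("read_as_real_user"); return 1; }
    printf("%ld bytes read as uid %ld\n", (long)n, (long)getuid());
    return 0;
}
```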
