We're running Solaris 10 with ZFS to provide home and group directory file space over NFSv4. We've run into an interoperability issue between the Solaris NFS server and the Linux NFS client regarding the sgid bit on directories and assigning appropriate group ownership on newly created subdirectories.
If a directory exists with the sgid bit set owned by a group other than the user's primary group, new directories created in that directory are owned by the primary group rather than by the group of the parent directory.

Evidently, the Solaris NFS server assumes the client will specify the correct owner of the directory, whereas the Linux NFS client assumes the server is in charge of implementing the sgid functionality and will assign the right group itself. As such, with a Solaris server and a Linux client the functionality is simply broken :(.

This poses a considerable security issue, as the GROUP@ inherited ACL now provides access to the primary group of the user rather than the intended group, which as you might imagine is somewhat problematic.

Ideally, it seems that the server should be responsible for this, rather than the client voluntarily enforcing it. Is this functionality strictly defined anywhere, or is it implementation dependent? You'd think something like this would have turned up in an interoperability bake-off at some point.

Thanks for any information...

-- 
Paul B. Henson  |  (909) 979-6361  |  http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst  |  hen...@csupomona.edu
California State Polytechnic University  |  Pomona CA 91768

_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
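
A check for the symptom described in the message above, as an added example that is not part of the original post: it walks a tree and reports subdirectories of setgid directories whose group differs from the parent's or that did not receive the setgid bit. The function names and the command-line path argument are assumptions made for this example; a subdirectory that was deliberately given another group is reported too and has to be reviewed by hand.

```python
import os
import stat
import sys


def classify(parent_mode, parent_gid, child_mode, child_gid):
    """Return the problems for one child directory, or [] if it looks fine."""
    if not (stat.S_ISDIR(parent_mode) and parent_mode & stat.S_ISGID):
        return []                      # parent is not a setgid directory
    if not stat.S_ISDIR(child_mode):
        return []                      # e.g. a symlink to a directory
    problems = []
    if child_gid != parent_gid:
        # GROUP@ ACL entries on the child now apply to the wrong group
        problems.append("group-mismatch")
    if not child_mode & stat.S_ISGID:
        # directories created below this one will not inherit the group
        problems.append("sgid-not-propagated")
    return problems


def audit(root, lstat=os.lstat):
    """Walk root and return [(path, parent_gid, child_gid, problems), ...].

    lstat is injectable so the logic can be exercised without needing
    membership in several groups.
    """
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        pst = lstat(dirpath)
        for name in dirnames:
            child = os.path.join(dirpath, name)
            cst = lstat(child)
            problems = classify(pst.st_mode, pst.st_gid,
                                cst.st_mode, cst.st_gid)
            if problems:
                findings.append((child, pst.st_gid, cst.st_gid, problems))
    return findings


if __name__ == "__main__":
    # Path argument is an assumption, e.g. the root of the group directories.
    for path, want, got, problems in audit(sys.argv[1]):
        print(f"{path}: parent gid {want}, dir gid {got}: {', '.join(problems)}")
```

Run it on the server or on a client with the export mounted; it compares numeric gids, so it does not depend on NFSv4 name mapping.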