From: <me@josuah.net>
To: 9front@9front.org
Subject: [9front] no more auth in exportfs(4)?
Date: Thu, 30 Sep 2021 21:32:08 +0200 [thread overview]
Message-ID: <A72B92C315D464F7DE8A24581FA3CCAF@z0.is> (raw)
I am trying to PXE boot to my raspberry pi 2, currently acting as
fs, auth and cpu. I boot a laptop over PXE and it works all good,
but the laptop does not have write access to its filesystem.
By running "allow" on /srv/hjfs.cmd, I can write, and the files
are created as user none, the same user as exportfs.
Starting with commit 27a83106f4b5b68d77afa8f800d92398163a7043 there
is no more authentication on exportfs:
- if(na == nil && doauth){
- /*
- * We use p9any so we don't have to visit this code again, with the
- * cost that this code is incompatible with the old world, which
- * requires p9sk2. (The two differ in who talks first, so compatibility
- * is awkward.)
- */
- ai = auth_proxy(0, auth_getkey, "proto=p9any role=server %s", keyspec);
- if(ai == nil)
- fatal("auth_proxy: %r");
- if(nonone && strcmp(ai->cuid, "none") == 0)
- fatal("exportfs by none disallowed");
- if(auth_chuid(ai, nsfile) < 0)
- fatal("auth_chuid: %r");
- else { /* chown network connection */
- Dir nd;
- nulldir(&nd);
- nd.mode = 0660;
- nd.uid = ai->cuid;
- dirfwstat(0, &nd);
- }
- putenv("service", "exportfs");
- }
auth_chuid() is what I think am after: writing to capuse.
The long-ish comment seens ti refer to the changes described in
/sys/doc/auth.ps that put factotum as main auth agent.
Is that feature of plan9 moving somewhere else? Am I having the
wrong approach? If it is a work in progress?
I will try a patch adding auth code into exportfs in the meantime,
that will be a good exercise anyway.
next reply other threads:[~2021-09-30 21:50 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-30 19:32 me [this message]
2021-10-01 8:49 ` cinap_lenrek
2021-10-01 9:11 ` [9front] [PATCH] inherit the auth_chid to exportfs Josuah Demangeon
2021-10-02 19:55 ` cinap_lenrek
2021-10-03 9:36 ` sirjofri
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=A72B92C315D464F7DE8A24581FA3CCAF@z0.is \
--to=me@josuah.net \
--cc=9front@9front.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).