[OpenAFS-devel] [PATCH] afs, bash: Fix open(O_CREAT) on an extant AFS file in a sticky dir

Cheyenne Wills cwills@sinenomine.net
Mon, 19 May 2025 11:46:23 -0600 

Thanks for the additional background information. =20

I wasn't aware of the problem associated with fs/protected_regular (nor
was it, I believe, mentioned in any of the prior messages in the
thread).  So I was focusing on trying to figure out if the original
reason why bash added the workaround was still present, and thought
that David's test as an method to check for it.

I'll have to dig into what the needs to be done to add support for
fs/protected_regular in OpenAFS.

--=20
Cheyenne Wills
cwills@sinenomine.net



On Sat, 17 May 2025 17:04:17 -0400
Jeffrey E Altman <jaltman@auristor.com> wrote:
> On 5/17/2025 12:06 PM, Cheyenne Wills wrote:
>=20
>  [...] =20
>  [...] =20
>  [...] =20
>=20
> David's test is for the fs/protected_regular functionality which is=20
> broken with regards to AFS when the local uid namespace and the AFS
> uid namespace are disjoint.=C2=A0 His test is not for the situation which
> caused bash to add the open(flags & ~O_CREAT) fallback logic in 1992.
>  The Linux fs/protected_regular functionality is not present in
> CentOS 6 kernel so could not be triggered by the test; and bash on
> gentoo is built without the fallback and the fs/protected_regular
> functionality might not be enabled by default.=C2=A0 It should also be
> noted that the OS for which the bash fallback logic was introduced
> was not Linux.
>=20
> I do not believe that any conclusions can be made from the tests that=20
> have been performed.
>=20
> IBM AFS 3.2 included a client side change to address the narrow use
> case involving AFS ACLs granting only "liw" rights which broke the
> CMU mail delivery system.=C2=A0 However, IBM did not address all of the
> possible scenarios which could result in an O_CREAT open failing with
> EACCES when a ~O_CREAT open would succeed for an existing file.=C2=A0 For
> example, the fileserver will fail MkDir, CreateFile and CreateSymlink
> with EACCES instead of EEXIST if the caller lacks PRSFS_INSERT.=C2=A0 A
> comprehensive analysis of client side behavior in OpenAFS has not
> been performed by AuriStor.
>=20
> Jeffrey Altman
>=20
>=20