From cf88a73d443241daf002df0514bca0d222e204d4 Mon Sep 17 00:00:00 2001 From: Brian Behlendorf Date: Wed, 29 Nov 2017 17:21:09 -0500 Subject: [PATCH] Fix NFS sticky bit permission denied error When zfs_sticky_remove_access() was originally adapted for Linux a typo was made which altered the intended behavior. As described in the block comment, the intended behavior is that permission should be granted when the entry is a regular file and you have write access. That is, S_ISREG should have been used instead of S_ISDIR. Restricting permission to regular files made good sense for older systems where setting the bit on executable files would instruct the system to save the program's text segment on the swap device. On modern systems this behavior has been replaced by the sticky bit acting as a restricted deletion flag and the plain file restriction has been relaxed. Signed-off-by: Brian Behlendorf Issue #6889 --- module/zfs/zfs_dir.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/module/zfs/zfs_dir.c b/module/zfs/zfs_dir.c index 1fcc69fd12e6..c6ee30291f7d 100644 --- a/module/zfs/zfs_dir.c +++ b/module/zfs/zfs_dir.c @@ -1126,7 +1126,7 @@ zfs_get_xattrdir(znode_t *zp, struct inode **xipp, cred_t *cr, int flags) * * you own the directory, * you own the entry, - * the entry is a plain file and you have write access, + * you have write access to the entry, * or you are privileged (checked in secpolicy...). * * The function returns 0 if remove access is granted. @@ -1151,8 +1151,7 @@ zfs_sticky_remove_access(znode_t *zdp, znode_t *zp, cred_t *cr) cr, ZFS_OWNER); if ((uid = crgetuid(cr)) == downer || uid == fowner || - (S_ISDIR(ZTOI(zp)->i_mode) && - zfs_zaccess(zp, ACE_WRITE_DATA, 0, B_FALSE, cr) == 0)) + zfs_zaccess(zp, ACE_WRITE_DATA, 0, B_FALSE, cr) == 0) return (0); else return (secpolicy_vnode_remove(cr));