[PATCH 0/5] Dynamic Pseudo Root
J. Bruce Fields
bfields at fieldses.org
Tue Feb 19 14:09:51 EST 2008
On Mon, Feb 18, 2008 at 07:14:10PM -0500, Trond Myklebust wrote:
>
> On Mon, 2008-02-18 at 21:52 +0100, Gabriel Barazer wrote:
> > On 02/18/2008 9:09:32 PM +0100, Trond Myklebust
> > <trond.myklebust at fys.uio.no> wrote:
> > > On Mon, 2008-02-18 at 20:41 +0100, Gabriel Barazer wrote:
> > >
> > >> AFAIK, you can define only one pseudoroot fs for all the NFSv4 clients,
> > >> so you have only one namespace to "export", right?
> > >
> > > No! That would be a regression w.r.t. NFSv2/v3.
> >
> > Maybe I used the wrong words: What I am trying to say is that you will
> > not ever have one client (client1) seeing a /foo/bar export that is a
> > different directory for another client. multiple namespaces would mean
> > that they have independant export entries (=directories), and you could
> > have a /foo entry exported on client1 that is a different directory than
> > another "/foo" entry exported on client2. What we have is a "/foo"
> > export which the same directory on every allowed client, but visible or
> > not. This behavior is not a regression regarding NFSv2/3. I'm not
> > talking about having one single "export" per client.
>
> The point is that the behaviour of that '/foo' will depend on whether or
> not the directory is part of the pseudo-fs or not. That is not even a
> per-client thing, it can be a per-_user_ thing if you have RPCSEC_GSS
> security enabled.
I lost you with the "per-_user_" thing. Could you give an example?
Are you expecting that something like
/foo/bar client1(sec=krb5)
/foo/bar/baz client1(sec=sys:krb5)
would result in client1 being allowed to do a krb5 nfsv4 readdir on
/foo/bar and get a directory with just "baz"?
I would have expected such a readdir to just get wrongsec.
--b.
More information about the NFSv4
mailing list