From owner-freebsd-current Thu Apr 12 14:15:31 2001
Delivered-To: freebsd-current@freebsd.org
Received: from earth.backplane.com (earth-nat-cw.backplane.com [208.161.114.67])
    by hub.freebsd.org (Postfix) with ESMTP id 723AB37B424
    for ; Thu, 12 Apr 2001 14:15:29 -0700 (PDT)
    (envelope-from dillon@earth.backplane.com)
Received: (from dillon@localhost)
    by earth.backplane.com (8.11.2/8.11.2) id f3CLExb25647;
    Thu, 12 Apr 2001 14:14:59 -0700 (PDT)
    (envelope-from dillon)
Date: Thu, 12 Apr 2001 14:14:59 -0700 (PDT)
From: Matt Dillon
Message-Id: <200104122114.f3CLExb25647@earth.backplane.com>
To: Martin Blapp
Cc: freebsd-current@FreeBSD.ORG, Thomas Quinot
Subject: Re: NFS export to netgroup with duplicate hosts
References:
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

:Hi,
:
:Of course you are right. Netgroup support got broken in some areas
:when I did the IPv6 merge of NetBSD code. It will be fixed
:soon, sorry!
:
:Another issue with mountd is that it still allows one set of flags
:for one mountpoint. This is done per radix entry in the kernel and tied
:to each file-system mount point.
:
:If we manage it, mountd should soon be able to allow different mount flags
:for each path you export in /etc/exports.
:
:Martin
:
:Martin Blapp, mb@imp.ch

You can't do that. You could manage different perms for different hosts (i.e. /usr is rw for host A and /usr is ro for host B), but you can't mix perms for subdirectories within a mount to the same host. The reason is that the file handles passed to nfsd could then be trivially faked to gain rw access on a ro-exported subdirectory.

For example, if you export /usr read-only and /usr/local read-write, you can then construct an NFS request using /usr/local's mount point but with a file handle that represents a file in /usr, and then be able to write to that file. This is because the file handle representing file X will be almost identical no matter which mount point X is accessed relative to.

-Matt
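
The reasoning in the reply above, as an added C model (not FreeBSD source and not part of the original message): an export check keyed on a claimed path gives a different answer for the same handle, while a check keyed on the filesystem does not. The handle layout, fsid 7, the inode numbers and the `per_path` table are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

enum { EX_RO = 0, EX_RW = 1 };

/* Modelled file handle: filesystem id, inode, generation. No path component. */
struct fh { unsigned fsid, ino, gen; };

/* Constructed handles; /usr and /usr/local share filesystem 7 in this model. */
static const struct fh fh_usr_file       = { 7, 1201, 1 }; /* a file under /usr */
static const struct fh fh_usr_local_file = { 7, 5330, 1 }; /* a file under /usr/local */

/* Hypothetical per-path export flags (the scheme the reply rules out). */
static const struct { const char *path; unsigned fsid; int flags; } per_path[] = {
    { "/usr", 7, EX_RO }, { "/usr/local", 7, EX_RW },
};

/* Per-filesystem export flags: one entry per fsid. */
static const struct { unsigned fsid; int flags; } per_fs[] = { { 7, EX_RO } };

/* The server can only match the handle's fsid against the export the
 * request claims; it cannot tell whether the inode lies below that path. */
int per_path_allows_write(const char *claimed_export, struct fh h)
{
    for (size_t i = 0; i < sizeof per_path / sizeof per_path[0]; i++)
        if (!strcmp(per_path[i].path, claimed_export) && per_path[i].fsid == h.fsid)
            return per_path[i].flags == EX_RW;
    return 0;
}

/* Flags depend on the handle's fsid alone, so every handle on the
 * filesystem gets the same answer whatever export the request claims. */
int per_fs_allows_write(struct fh h)
{
    for (size_t i = 0; i < sizeof per_fs / sizeof per_fs[0]; i++)
        if (per_fs[i].fsid == h.fsid) return per_fs[i].flags == EX_RW;
    return 0;
}

int main(void)
{
    printf("per-path, /usr file via /usr:       %d\n",
           per_path_allows_write("/usr", fh_usr_file));
    printf("per-path, /usr file via /usr/local: %d\n",
           per_path_allows_write("/usr/local", fh_usr_file));
    printf("per-fs, /usr file: %d, /usr/local file: %d\n",
           per_fs_allows_write(fh_usr_file), per_fs_allows_write(fh_usr_local_file));
    return 0;
}
```
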