Date: Thu, 20 Apr 1995 15:42:59 -0400 From: Garrett Wollman <wollman@halloran-eldar.lcs.mit.edu> To: chain@mpd.tandem.com (Chain Lee) Cc: current@FreeBSD.org Subject: Re: 950412-SNAP Message-ID: <9504201942.AA05876@halloran-eldar.lcs.mit.edu> In-Reply-To: <9504201916.AA08100@muzak> References: <9504201916.AA08100@muzak>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Thu, 20 Apr 1995 14:16:35 -0500 (CDT), chain@mpd.tandem.com (Chain Lee) said: > 3) One more thing: mountd seems to allow only one directory to be exported > for a mounted file system if no -alldirs options is given. The > subsequent entries will get "permission denied" error when being mounted. > Is this a desired behavior or a bug (or I was doing something wrong?) Guelph NFS access control operates at the mount points, so this is intentional. If you allowed users to mount any old directory without providing some way to tell the kernel about it, then users would mysteriously find that their mount requests would succeed but then filesystem operations would not, which is clearly even more undesirable. It would be impractical to apply an access-control list at every single vnode, although it might be worth trying anyway to quantify the memory hit. So, in other words, it's a feature to enhance security (although not by much). -GAWollman -- Garrett A. Wollman | Shashish is simple, it's discreet, it's brief. ... wollman@lcs.mit.edu | Shashish is the bonding of hearts in spite of distance. Opinions not those of| It is a bond more powerful than absence. We like people MIT, LCS, ANA, or NSA| who like Shashish. - Claude McKenzie + Florent Vollant
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9504201942.AA05876>