Date:      Thu, 20 Apr 1995 15:42:59 -0400
From:      Garrett Wollman <wollman@halloran-eldar.lcs.mit.edu>
To:        chain@mpd.tandem.com (Chain Lee)
Cc:        current@FreeBSD.org
Subject:   Re: 950412-SNAP
Message-ID:  <9504201942.AA05876@halloran-eldar.lcs.mit.edu>
In-Reply-To: <9504201916.AA08100@muzak>
References:  <9504201916.AA08100@muzak>

<<On Thu, 20 Apr 1995 14:16:35 -0500 (CDT), chain@mpd.tandem.com (Chain Lee) said:

> 3) One more thing: mountd seems to allow only one directory to be exported
> for a mounted file system if no -alldirs option is given. The
> subsequent entries will get "permission denied" error when being mounted.
> Is this a desired behavior or a bug (or I was doing something wrong?)

Guelph NFS access control operates at the mount points, so this is
intentional.  If you allowed users to mount any old directory without
providing some way to tell the kernel about it, then users would
mysteriously find that their mount requests would succeed but then
filesystem operations would not, which is clearly even more
undesirable.  It would be impractical to apply an access-control list
at every single vnode, although it might be worth trying anyway to
quantify the memory hit.

So, in other words, it's a feature to enhance security (although not
by much).

-GAWollman

--
Garrett A. Wollman   | Shashish is simple, it's discreet, it's brief. ... 
wollman@lcs.mit.edu  | Shashish is the bonding of hearts in spite of distance.
Opinions not those of| It is a bond more powerful than absence.  We like people
MIT, LCS, ANA, or NSA| who like Shashish.  - Claude McKenzie + Florent Vollant
