From owner-freebsd-current Thu Apr 20 12:43:23 1995
Return-Path: current-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6)
    id MAA07377 for current-outgoing; Thu, 20 Apr 1995 12:43:23 -0700
Received: from halloran-eldar.lcs.mit.edu (halloran-eldar.lcs.mit.edu [18.26.0.159])
    by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id MAA07371
    for ; Thu, 20 Apr 1995 12:43:19 -0700
Received: by halloran-eldar.lcs.mit.edu; id AA05876; Thu, 20 Apr 1995 15:42:59 -0400
Date: Thu, 20 Apr 1995 15:42:59 -0400
From: Garrett Wollman
Message-Id: <9504201942.AA05876@halloran-eldar.lcs.mit.edu>
To: chain@mpd.tandem.com (Chain Lee)
Cc: current@FreeBSD.org
Subject: Re: 950412-SNAP
In-Reply-To: <9504201916.AA08100@muzak>
References: <9504201916.AA08100@muzak>
Sender: current-owner@FreeBSD.org
Precedence: bulk

> 3) One more thing: mountd seems to allow only one directory to be exported
> for a mounted file system if no -alldirs option is given. The
> subsequent entries will get "permission denied" error when being mounted.
> Is this a desired behavior or a bug (or I was doing something wrong?)

Guelph NFS access control operates at the mount points, so this is
intentional. If you allowed users to mount any old directory without
providing some way to tell the kernel about it, then users would
mysteriously find that their mount requests would succeed but then
filesystem operations would not, which is clearly even more
undesirable. It would be impractical to apply an access-control list
at every single vnode, although it might be worth trying anyway to
quantify the memory hit.

So, in other words, it's a feature to enhance security (although not
by much).

-GAWollman

--
Garrett A. Wollman   | Shashish is simple, it's discreet, it's brief. ...
wollman@lcs.mit.edu  | Shashish is the bonding of hearts in spite of distance.
Opinions not those of| It is a bond more powerful than absence. We like people
MIT, LCS, ANA, or NSA| who like Shashish. - Claude McKenzie + Florent Vollant