From owner-freebsd-arch Mon Apr 9 17:51:49 2001 Delivered-To: freebsd-arch@freebsd.org Received: from smtp05.primenet.com (smtp05.primenet.com [206.165.6.135]) by hub.freebsd.org (Postfix) with ESMTP id 0F07137B42C; Mon, 9 Apr 2001 17:51:47 -0700 (PDT) (envelope-from tlambert@usr01.primenet.com) Received: (from daemon@localhost) by smtp05.primenet.com (8.9.3/8.9.3) id RAA16328; Mon, 9 Apr 2001 17:51:41 -0700 (MST) Received: from usr01.primenet.com(206.165.6.201) via SMTP by smtp05.primenet.com, id smtpdAAAOyaaXF; Mon Apr 9 17:51:28 2001 Received: (from tlambert@localhost) by usr01.primenet.com (8.8.5/8.8.5) id RAA25363; Mon, 9 Apr 2001 17:51:32 -0700 (MST) From: Terry Lambert Message-Id: <200104100051.RAA25363@usr01.primenet.com> Subject: Re: Eliminate crget() from nfs kernel code? To: jhb@FreeBSD.org (John Baldwin) Date: Tue, 10 Apr 2001 00:51:31 +0000 (GMT) Cc: tlambert@primenet.com (Terry Lambert), rwatson@FreeBSD.org (((Robert Watson))), dillon@earth.backplane.com (((Matt Dillon))), freebsd-arch@FreeBSD.org In-Reply-To: from "John Baldwin" at Apr 09, 2001 03:59:49 PM X-Mailer: ELM [version 2.5 PL2] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > > I think that for the NFS case, the best thing to do would be to > > create a persistant "root" credential, and pass that, instead. > > So long as this doesn't give out extra privilege. Of course, you would need to re-mask locally. > > Doing anything else is likely to break somewhere, even if FreeBSD > > never implements client cacheing (NFSv3 permits it over the lifetime > > of a lease; NFSv4 practically demands it to get the best performance). > > I fail to see why using the actual credential from the requesting process > instead of blindly granting root privileges will break client caching. If > anything, I'm inclined to view it the other way around, but that's just me. Because you may be denied access, while I am not denied access, so cacheing the answer is the wrong thing to do. What you really want to cache is the stat information, which can then be checked against your credential locally. To do that, you have to have the necessary rights to get the stat information. Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message