From: Anthony Messina <amessina@messinet.com>
To: Jeff Layton <jlayton@redhat.com>
Cc: linux-nfs@vger.kernel.org
Subject: Re: [PATCH/RFC: nfs-utils] Common systemd unit files for nfs-utils.
Date: Tue, 04 Feb 2014 08:18:06 -0600 [thread overview]
Message-ID: <1704334.S536sDEhjD@linux-ws1.messinet.com> (raw)
In-Reply-To: <20140204082426.449519bd@tlielax.poochiereds.net>
[-- Attachment #1: Type: text/plain, Size: 2569 bytes --]
On Tuesday, February 04, 2014 08:24:26 AM Jeff Layton wrote:
> On Tue, 04 Feb 2014 06:42:12 -0600
>
> Anthony Messina <amessina@messinet.com> wrote:
> > On Monday, February 03, 2014 04:01:21 PM Steve Dickson wrote:
> > > This changes the current API... Today to enable/start this service
> > >
> > > today one does:
> > >
> > > systemctl enable nfs-server
> > > systemctl start nfs-server
> > >
> > >
> > > which would change to:
> > >
> > > systemctl enable nfs-server.target
> > > systemctl start nfs-server
> > >
> > >
> > > with the same daemons being started.
> > > This changed will cause existing scripts to fail...
> > > I guess I don't see the point of having a .target file.
> > >
> > >
> > >
> > > How is rpc.svcgssd enabled? Since the .service file does
> > > not have a [Install] section the systemctl enable rpc.svcgssd
> > > fails.
> > >
> > >
> > >
> > > Also how does gss-proxy come to play in all this? Maybe we
> > > just use gss-proxy by default and retire rpc.svcgssd.
> >
> >
> >
> > Usually just a quite listener (end-user & small-time sysadmin) on this
> > ML...>
> >
> >
> > +1 for gss-proxy by default (for Fedora anyway). I've been using it
> > throughout F19 extensively in the KRB5/NFSv4.1 environment with great
> > success. I have nfs-secure-server.service "masked" via systemd to
> > prevent it from being started.
> >
> >
> >
> > There seems to be only one strange issue I've come across with gss-proxy
> > vs. rpc.svcgssd: https://fedorahosted.org/gss-proxy/ticket/98. This is
> > with regard to how access for the "nfsnobody" user is handled. The
> > ticket attempts to show that with rpc.svcgssd, a host with host
> > credentials and a user without credentials can still access NFS shares
> > with 0755 directories and 0644 files (via the host credentials and mapped
> > to the nfsnobody user). With gss-proxy, I had to create user credentials
> > for kojibuilder@REALM because the access wasn't allowed via the nfsnobody
> > path. I'm not sure if this is resolved, or by design, etc. But it is
> > the only issue I've seen with gss-proxy vs. rpc.svcgssd.
> >
> >
> >
> > Thanks. -A
> >
> >
>
> Please do open a bug at bugzilla.redhat.com for that and cc me on it.
> We really do want to ensure that these sorts of corner-cases get
> addressed.
https://bugzilla.redhat.com/show_bug.cgi?id=1061180
--
Anthony - http://messinet.com - http://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 198 bytes --]
prev parent reply other threads:[~2014-02-04 14:18 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-30 6:24 [PATCH/RFC: nfs-utils] Common systemd unit files for nfs-utils NeilBrown
2014-01-30 15:04 ` Weston Andros Adamson
2014-01-30 17:56 ` Weston Andros Adamson
2014-01-30 18:52 ` J. Bruce Fields
2014-01-30 22:50 ` NeilBrown
2014-01-30 23:17 ` Jim Rees
2014-01-30 20:06 ` Steve Dickson
2014-01-30 22:14 ` NeilBrown
2014-01-31 15:19 ` Steve Dickson
2014-01-31 16:15 ` Steve Dickson
2014-02-03 21:01 ` Steve Dickson
2014-02-03 22:34 ` NeilBrown
2014-02-04 16:20 ` J. Bruce Fields
2014-02-04 16:30 ` Chuck Lever
2014-02-04 19:00 ` Steve Dickson
2014-02-06 12:32 ` Simo Sorce
2014-02-05 3:09 ` NeilBrown
2014-02-05 15:56 ` Chuck Lever
2014-02-06 1:27 ` NeilBrown
2014-02-06 12:15 ` Simo Sorce
2014-02-06 16:09 ` Chuck Lever
2014-02-06 16:19 ` J. Bruce Fields
2014-02-10 20:50 ` Steve Dickson
2014-02-11 4:50 ` NeilBrown
2014-02-11 12:38 ` Steve Dickson
2014-02-11 16:37 ` J. Bruce Fields
2014-02-11 16:47 ` Steve Dickson
2014-02-11 16:56 ` J. Bruce Fields
2014-02-11 20:12 ` Steve Dickson
2014-02-04 18:26 ` Steve Dickson
2014-02-04 18:48 ` Anthony Messina
2014-02-04 18:54 ` J. Bruce Fields
2014-02-05 3:55 ` NeilBrown
2014-02-11 12:56 ` Steve Dickson
2014-02-05 5:43 ` NeilBrown
2014-02-05 21:11 ` J. Bruce Fields
2014-02-06 0:58 ` NeilBrown
2014-02-13 19:39 ` Steve Dickson
2014-02-04 12:42 ` Anthony Messina
2014-02-04 13:24 ` Jeff Layton
2014-02-04 14:18 ` Anthony Messina [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1704334.S536sDEhjD@linux-ws1.messinet.com \
--to=amessina@messinet.com \
--cc=jlayton@redhat.com \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.