From: Rob Landley <rob@landley.net>
To: Trond Myklebust <trond.myklebust@fys.uio.no>
Cc: linux-kernel@vger.kernel.org
Subject: [offtopic] Re: udev and devfs - The final word
Date: Mon, 5 Jan 2004 01:03:12 -0600 [thread overview]
Message-ID: <200401050103.13032.rob@landley.net> (raw)
In-Reply-To: <1073278352.1165.36.camel@nidelv.trondhjem.org>
On Sunday 04 January 2004 22:52, Trond Myklebust wrote:
> På su , 04/01/2004 klokka 22:48, skreiv Rob Landley:
> > NFS always struck me as a peverse design. "The fileserver must be
> > stateless with regard to clients, even though maintainging state is what
> > a filesystem DOES, and the point of the thing is to export a filesystem."
> > Okay... (If it was exporting read-only filesystems with no locking of
> > any kind, maybe they'd have a point, but come on guys...)
>
> Sigh... What has that got to do with anything?
>
> Read the RFCs: NFS *was* entirely stateless until v4 was drafted.
> Locking was never part of the NFS protocol, but was an external addition
> that was documented by the Open Group. So, yes, there is a history and a
> reason behind all the talk of statelessness.
I vaguely remember being pretty well up to speed on V2 (circa... 1995?) The
last one I even glanced at was V3, but I never had to support it. I haven't
even looked at V4. For exporting /home directories, everybody I deal with
seems to want samba servers these days instead for some reason. (Couple of
net boot systems that care more about permissions than that, but ram's so
cheap that it's easier to just "ssh user@bootserver -i key "cat root_img.tgz"
| tar xz" into a ramfs or shmfs or some such. (Heck, the last system I set
up like that mounted a zisofs image and ran from that...)
I'm sure it's still useful. I just haven't wanted to even attempt to secure
it. For home directories, samba is doing a simple tcp/ip connection per
session, reestablishing it automatically if it breaks (same server reboot
question). Since _both_ protocols seem to suck pretty badly under the hood,
it's been a question of choosing the lesser of two evils. It seems that more
people actually USE samba, so...
> > So why, exactly, can the NFS server not maintain whatever extra state it
> > needs to remember between reboots in a filesystem? (Not even necessarily
> > the one it's exporting, just some rc file something under /var.) The
> > device node it was exporting USED to be in the filesystem, you know, ala
> > mknod. Now that the kernel's not keeping that stable, have the #*%(&#
> > server generate a number and make a note of it somewhere. (Is requiring
> > an NFS server to have access to persistent storage too much to ask?)
>
> It could be done (and probably entirely in userspace). I assume you are
> volunteering to do the work?
I don't like nfs, I haven't bothered to actually use it for anything since
1999, so no.
> > Personally, I could never figure out why Samba servers are in userspace
> > but NFS servers seem to want to live in the kernel. I can almost secure
> > a samba server for access to the outside world, but a NFS system that
> > isn't behind a firewall automatically says to me "this machine has
> > already been compromised eight ways from sunday within five minutes of
> > being exposed to the internet". Call me paranoid...
>
> Sun was doing Kerberos for NFS years before the Samba project was
> started.
>
> Security has bugger all to do with kernel or userland and everything to
> do with the short-sighted "munitions" policies of certain governments at
> the time around when the Sun RPC protocol was being drafted. The same
I can transparently tunnel any tcp/ip session through ssh with some iptables
rules and a dozen line python script. (Great fun for rolling your own vpn.)
Mixing UDP and encryption is just plain a bad idea: no level at which it
makes sense to store persistent connection state in a "fire and forget"
packet protocol...)
I.E. this also works with samba, but didn't with (old) NFS.
> policies were still around to dictate our implementation much later when
> we were doing RPC for Linux. Now the laws have changed, and so we've
> finally been able to add strong authentication in 2.6.x.
Can you recommend a good link to the history of NFS? Computer history's a
hobby of mine. (I've got snippets on this topic, but not any kind of unified
story of NFS...)
http://www.landley.net/history/mirror/index.html
http://www.landley.net/history/scans/index.html
> Cheers,
> Trond
Rob
next prev parent reply other threads:[~2004-01-05 7:04 UTC|newest]
Thread overview: 140+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <18Cz7-7Ep-7@gated-at.bofh.it>
2003-12-31 3:05 ` udev and devfs - The final word Pascal Schmidt
2003-12-31 19:23 ` Greg KH
2003-12-31 20:19 ` Rob Love
2003-12-31 22:01 ` Nathan Conrad
2003-12-31 22:20 ` Rob Love
2003-12-31 21:45 ` Tommi Virtanen
2003-12-31 23:10 ` Rob Love
2003-12-31 21:52 ` Tommi Virtanen
2004-01-02 0:17 ` Hollis Blanchard
2004-01-02 0:36 ` viro
2004-01-03 6:04 ` Greg KH
2003-12-31 22:55 ` viro
2003-12-31 23:05 ` Rob Love
2003-12-31 23:48 ` Andreas Dilger
2004-01-07 10:15 ` Olaf Hering
2004-01-07 11:18 ` viro
2004-01-07 13:00 ` Olaf Hering
2004-01-07 13:26 ` viro
2004-01-07 13:27 ` Olaf Hering
2004-01-01 0:15 ` Andries Brouwer
2004-01-01 0:31 ` Rob Love
2004-01-01 12:34 ` Rob Landley
2004-01-01 15:22 ` Rob Love
2004-01-01 15:48 ` Andries Brouwer
2004-01-01 15:54 ` Rob Love
2004-01-02 20:42 ` Linus Torvalds
2004-01-03 3:00 ` Andries Brouwer
2004-01-03 4:46 ` Linus Torvalds
2004-01-03 13:10 ` Andries Brouwer
2004-01-03 22:27 ` Linus Torvalds
2004-01-03 23:08 ` Andries Brouwer
2004-01-04 1:16 ` Mark Mielke
2004-01-04 1:54 ` Valdis.Kletnieks
2004-01-04 18:44 ` Mark Mielke
2004-01-04 2:09 ` Linus Torvalds
2004-01-04 2:49 ` Andries Brouwer
2004-01-04 3:04 ` Linus Torvalds
2004-01-04 4:36 ` Pentium 4 HT SMP Ananda Bhattacharya
2004-01-04 5:55 ` Martin J. Bligh
2004-01-04 13:21 ` udev and devfs - The final word Andries Brouwer
2004-01-04 21:05 ` Linus Torvalds
2004-01-04 22:01 ` Andries Brouwer
2004-01-04 22:37 ` viro
2004-01-05 1:02 ` Mark Mielke
2004-01-05 2:24 ` Valdis.Kletnieks
2004-01-05 2:29 ` Andries Brouwer
2004-01-05 3:42 ` viro
2004-01-04 22:37 ` Helge Hafting
2004-01-04 23:35 ` Valdis.Kletnieks
2004-01-05 1:43 ` Jeremy Maitin-Shepard
2004-01-05 1:47 ` st_dev:st_ino (was: Re: udev and devfs - The final word) Mark Mielke
2004-01-05 2:02 ` st_dev:st_ino Jeremy Maitin-Shepard
2004-01-05 3:14 ` st_dev:st_ino viro
2004-01-05 1:58 ` udev and devfs - The final word viro
2004-01-05 2:12 ` Jeremy Maitin-Shepard
2004-01-05 2:52 ` Linus Torvalds
2004-01-05 3:06 ` David Lang
2004-01-05 3:48 ` Rob Landley
2004-01-05 4:52 ` Trond Myklebust
2004-01-05 7:03 ` Rob Landley [this message]
2004-01-05 12:07 ` [offtopic] " Trond Myklebust
2004-01-05 15:13 ` Mark Mielke
2004-01-05 16:36 ` Andreas Schwab
2004-01-05 22:18 ` Mark Mielke
2004-01-05 3:07 ` Daniel Jacobowitz
2004-01-05 3:33 ` Linus Torvalds
2004-01-05 3:50 ` viro
2004-01-05 4:02 ` Linus Torvalds
2004-01-05 4:38 ` viro
2004-01-05 4:52 ` Linus Torvalds
2004-01-05 6:11 ` viro
2004-01-05 7:47 ` Greg KH
2004-01-05 11:15 ` Vojtech Pavlik
2004-01-05 20:11 ` Theodore Ts'o
2004-01-05 21:06 ` Vojtech Pavlik
2004-01-05 22:22 ` Theodore Ts'o
2004-01-06 0:14 ` Rob Landley
2004-01-06 17:28 ` [OT] " Disconnect
2004-01-11 22:12 ` Ed L Cashin
2004-01-05 5:26 ` Eric W. Biederman
2004-01-05 7:39 ` Greg KH
2004-01-07 9:57 ` Pavel Machek
2004-01-05 12:27 ` Andries Brouwer
2004-01-05 16:13 ` Linus Torvalds
2004-01-05 17:29 ` Vojtech Pavlik
2004-01-05 17:33 ` Linus Torvalds
2004-01-05 17:52 ` Davide Libenzi
2004-01-05 18:03 ` Linus Torvalds
2004-01-05 18:09 ` Hugo Mills
2004-01-05 19:10 ` Paul Rolland
2004-01-05 19:52 ` Andries Brouwer
2004-01-05 20:38 ` Linus Torvalds
2004-01-05 22:17 ` Shawn
2004-01-05 22:25 ` Mark Mielke
2004-01-05 23:05 ` Shawn
2004-01-05 23:23 ` Shawn
2004-01-06 0:43 ` Greg KH
2004-01-06 0:53 ` Shawn
2004-01-05 23:13 ` Andries Brouwer
2004-01-05 23:32 ` Linus Torvalds
2004-01-06 0:59 ` viro
2004-01-06 1:17 ` Linus Torvalds
2004-01-06 4:28 ` viro
2004-01-06 5:07 ` Linus Torvalds
2004-01-06 1:06 ` Andries Brouwer
2004-01-06 15:00 ` Mark Mielke
2004-01-06 0:00 ` Greg KH
2004-01-06 1:41 ` Andries Brouwer
2004-01-07 17:14 ` Greg KH
2004-01-06 0:31 ` Rob Landley
2004-01-06 7:14 ` Vojtech Pavlik
2004-01-06 0:36 ` Silly udev script [was Re: udev and devfs - The final word] Greg KH
2004-01-06 0:36 ` Greg KH
2004-01-06 4:02 ` Kay Sievers
2004-01-10 1:04 ` Greg KH
2004-01-05 7:44 ` udev and devfs - The final word James H. Cloos Jr.
2004-01-05 7:45 ` Nigel Cunningham
2004-01-05 11:01 ` Robin Rosenberg
2004-01-05 12:39 ` Nigel Cunningham
2004-01-05 14:31 ` IRQ disabled on linux 2.6.1-rc1-mm1 Mainak Mandal _00007001_
2004-01-07 13:39 ` udev and devfs - The final word Robin Rosenberg
2004-01-07 17:16 ` Nigel Cunningham
2004-01-05 9:06 ` Valdis.Kletnieks
2004-01-05 4:15 ` Peter Chubb
2004-01-05 4:42 ` Linus Torvalds
2004-01-03 18:34 ` Wrapping jiffies [was Re: udev and devfs - The final word] Pavel Machek
2004-01-01 19:43 ` udev and devfs - The final word Kai Henningsen
2004-01-02 7:26 ` Rob Landley
2004-01-04 8:57 ` Greg KH
2004-01-04 9:43 ` Rob Landley
2004-01-02 0:17 ` Maciej Zenczykowski
[not found] ` <20040102103104.GA28168@mark.mielke.cc>
2004-01-03 6:07 ` Greg KH
2004-01-03 6:51 ` Valdis.Kletnieks
2004-01-03 11:57 ` Ian Kent
2004-01-03 22:08 ` Greg KH
2004-01-07 10:23 ` Olaf Hering
2004-01-01 23:14 ` Rob
2004-01-02 3:53 ` Tyler Hall
2004-01-01 16:17 ` Pascal Schmidt
2004-01-01 20:03 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200401050103.13032.rob@landley.net \
--to=rob@landley.net \
--cc=linux-kernel@vger.kernel.org \
--cc=trond.myklebust@fys.uio.no \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.