From: Simon Peter <simon.peter@gmx.de>
To: "J. Bruce Fields" <bfields@fieldses.org>
Cc: nfs@lists.sourceforge.net, "Talpey, Thomas" <Thomas.Talpey@netapp.com>
Subject: Re: Delays on "first" access to a NFS mount
Date: Thu, 8 Mar 2007 00:19:48 +0100 [thread overview]
Message-ID: <20070308001948.7496c629.simon.peter@gmx.de> (raw)
In-Reply-To: <20070307220541.GS26553@fieldses.org>
> > Not all of my exported directories are mountpoints of the underlying
> > VFS of the server.
> I'd be curious why. There's some hard-to-solve security problems
> there--people can guess filehandles of unexported files and access
> them directly without lookups. So some day I'd love to actually
> forbid (or at least strongly discourage) what you're doing.... But
> clearly we'd first need to understand why people do that and make
> sure there are adequate alternatives.
Well, I've actually done it for security (not knowing what you just
said about it). There are some directories on those disks that I don't
want people to poke around in, so I don't export the whole filesystem
of a disk. For some other directories, I have different access
constraints.
For example, there's one subdirectory that I export to two subnets and
one that is only exported to one of them. I do that because I have an
"access granting" security philosophy: At first, any access is denied
and then I grant access only to those people who can make use of their
granted resources. Since one of those directories is only useful to
the users of that one subnet, I only export it for that one.
> > Some are, though.
> Are the spinning-up delays happening only on those drives that have
> exported directories that aren't mountpoints?
I just notice that I was wrong. No exports are on mountpoints. I'm
sorry.
> > Are you sure these are invalidated automatically, especially through
> > nfs-utils? If the kernel cache never expires, it should consequently
> > never ask for it, so nfs-utils would not be involved. Am I missing
> > something?
> There's also a mechanism by which nfs-utils can ask for the whole
> cache to be flushed immediately on its own. So re-running exportfs
> to change the exports, for example, should result in the cache being
> flushed. I haven't checked whether that's done in all the places it
> should be, but it probably is.
Okay. So if we really only need major, minor and inode information,
like Neil said, then that would work. Because otherwise the data on
disk could change without the kernel noticing.
Simon
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
NFS maillist - NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs
next prev parent reply other threads:[~2007-03-07 23:20 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-03-07 10:23 Delays on "first" access to a NFS mount Simon Peter
2007-03-07 12:38 ` Talpey, Thomas
2007-03-07 13:22 ` Simon Peter
2007-03-07 15:06 ` Simon Peter
2007-03-07 15:10 ` Simon Peter
2007-03-07 15:42 ` J. Bruce Fields
2007-03-07 18:44 ` Simon Peter
2007-03-07 20:29 ` J. Bruce Fields
2007-03-07 21:46 ` Simon Peter
2007-03-07 22:05 ` J. Bruce Fields
2007-03-07 23:19 ` Simon Peter [this message]
2007-03-07 22:09 ` Neil Brown
2007-03-08 15:49 ` Simon Peter
2007-03-09 13:02 ` Simon Peter
2007-03-09 14:59 ` J. Bruce Fields
2007-03-07 20:31 ` Talpey, Thomas
2007-03-07 20:50 ` J. Bruce Fields
2007-03-07 21:07 ` Talpey, Thomas
2007-03-07 21:17 ` J. Bruce Fields
2007-03-07 21:23 ` Talpey, Thomas
2007-03-07 21:54 ` J. Bruce Fields
2007-03-07 22:37 ` Neil Brown
2007-03-07 23:06 ` J. Bruce Fields
2007-03-07 23:39 ` Neil Brown
2007-03-08 5:14 ` J. Bruce Fields
2007-03-08 5:42 ` Neil Brown
2007-03-08 13:43 ` Olaf Kirch
2007-03-08 21:27 ` J. Bruce Fields
2007-03-09 15:02 ` Olaf Kirch
2007-03-16 21:47 ` Christoph Hellwig
2007-03-16 21:54 ` J. Bruce Fields
2007-03-16 21:57 ` Christoph Hellwig
2007-03-07 23:24 ` J. Bruce Fields
2007-03-07 23:51 ` Neil Brown
2007-03-08 4:36 ` J. Bruce Fields
2007-03-08 13:27 ` Olaf Kirch
2007-03-08 21:46 ` J. Bruce Fields
2007-03-07 22:15 ` Neil Brown
2007-03-07 21:40 ` Simon Peter
2007-03-07 22:17 ` Neil Brown
2007-03-07 22:36 ` Talpey, Thomas
2007-03-07 22:48 ` Neil Brown
2007-03-07 22:56 ` Talpey, Thomas
2007-03-07 22:12 ` Neil Brown
2007-03-07 22:23 ` J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070308001948.7496c629.simon.peter@gmx.de \
--to=simon.peter@gmx.de \
--cc=Thomas.Talpey@netapp.com \
--cc=bfields@fieldses.org \
--cc=nfs@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.