From: "J. Bruce Fields" <bfields@fieldses.org>
To: Pierre Ossman <pierre-list-vCPtPcF4ZGuHXe+LvDLADg@public.gmane.org>
Cc: linux-nfs@vger.kernel.org
Subject: Re: Different options for subdir? Possible?
Date: Tue, 18 May 2010 14:24:28 -0400 [thread overview]
Message-ID: <20100518182428.GE20706@fieldses.org> (raw)
In-Reply-To: <20100518193445.0c8dbc17-OhHrUh4vRMS8I+09wXhka4dd74u8MsAO@public.gmane.org>
On Tue, May 18, 2010 at 07:34:45PM +0200, Pierre Ossman wrote:
> On Mon, 17 May 2010 16:49:47 -0400
> "J. Bruce Fields" <bfields@fieldses.org> wrote:
>
> > On Sat, May 15, 2010 at 03:31:04PM +0200, Pierre Ossman wrote:
> > > I'd like to export the filesystem /exports as ro, but the
> > > subdir /exports/dump as rw. I can't seem to get it to work though, so
> > > before I start digging deeper I figured I might ask if this is even
> > > possible? :)
> >
> > If the "dump" subdirectory is a subdirectory of the same filesystem (not
> > a mountpoint), and if you're using NFSv4 (or v2/v3 with crossmnt), the
> > client will continue to use the export options on the parent directory.
> >
>
> Hmm... client? Can't say I'm intimate with the NFS protocol, but access
> permissions like this seems like a server decision.
Yes, apologies for the imprecise language.
> > Also, note that it's relatively easy for someone with access to the
> > network to treat all of /exports as rw.
>
> Even with subtree check?
If you turn on subtree_check, you're safe. (That can cause other
problems, though, due to filehandles changing on cross-directory
rename.)
--b.
> > In general, export points that aren't mountpoints are not usually a good
> > idea.
>
> Fair enough. I'll have to figure something else out.
>
> Thanks
> --
> -- Pierre Ossman
>
> WARNING: This correspondence is being monitored by FRA, a
> Swedish intelligence agency. Make sure your server uses
> encryption for SMTP traffic and consider using PGP for
> end-to-end encryption.
prev parent reply other threads:[~2010-05-18 18:24 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-05-15 13:31 Different options for subdir? Possible? Pierre Ossman
[not found] ` <20100515153104.51f5e4ab-OhHrUh4vRMS8I+09wXhka4dd74u8MsAO@public.gmane.org>
2010-05-17 20:49 ` J. Bruce Fields
2010-05-18 17:34 ` Pierre Ossman
[not found] ` <20100518193445.0c8dbc17-OhHrUh4vRMS8I+09wXhka4dd74u8MsAO@public.gmane.org>
2010-05-18 18:24 ` J. Bruce Fields [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100518182428.GE20706@fieldses.org \
--to=bfields@fieldses.org \
--cc=linux-nfs@vger.kernel.org \
--cc=pierre-list-vCPtPcF4ZGuHXe+LvDLADg@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.