From: simo <idra@samba.org>
To: Stef Bon <stefbon@gmail.com>
Cc: "Myklebust, Trond" <Trond.Myklebust@netapp.com>,
"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
linux-cifs <linux-cifs@vger.kernel.org>
Subject: Re: Possible to make nfs aware of a inotify watch has been set.
Date: Thu, 29 Nov 2012 10:22:05 -0500 [thread overview]
Message-ID: <1354202525.4064.1.camel@pico.ipa.ssimo.org> (raw)
In-Reply-To: <CANXojcxR9673fRObMLPSScogAN05RSVhPFoni=ENc6YDWq9T7w@mail.gmail.com>
On Thu, 2012-11-29 at 15:49 +0100, Stef Bon wrote:
> 2012/11/29 Myklebust, Trond <Trond.Myklebust@netapp.com>:
> >> -----Original Message-----
> >>
> >> 1. while the filesystems are using credentails or tickets to get access to a
> >> remote resource, this is a bit difficult for notifyfs.
> >> Notifyfs bypasses that. Maybe this leads to permissions/abuse I cannot see
> >> directly.
> >
> > Lack of security is a showstopper. There are good reasons why inotify won't allow you to monitor files for which you don't have access permissions.
> >
>
> Let me explain, I think you not understand fully.
>
> Notifyfs does not allow users/clients to set a watch if there are no
> read permissions (the object and access for the whole path to it), so
> there are no security issues there.
>
> What I mean is that any program can contact the remote notifyfs
> server, and this remote notifyfs server cannot figure out it's a valid
> request from another notifyfs server, or a program faking that.
> In the construction I describe it does not check that (yet).
>
> >>
> >> What do you think, is the latest option possible??
> >
> > So what is the killer app for inotify on NFS/CIFS/FUSE? What programs do you need to run on a NFS/CIFS/FUSE client that use inotify and that wouldn't be better off running on the server instead?
> >
>
> What do you mean with "better off running on the server instead"?
> There are a lot of programs interested in fs changes, like a simple
> file manager. I think it's a very nice feature to see changes right
> away in the view.
> It's not a killer app, but a think the whole user experience is
> improving when your system is able to keep a view (like a view in the
> file manager) up to date.
>
> > IOW: whose problem are you trying to solve?
>
> I think that enabling fs notify on network filesystems like nfs, cifs
> and fuse is a good thing (see above). On systems like Windows and iOS
> since long time this works.
CIFS has notification capabilities built in (oplocks), as does NFS
(leases), is this not sufficient ?
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer <simo@samba.org>
Principal Software Engineer at Red Hat, Inc. <simo@redhat.com>
next prev parent reply other threads:[~2012-11-29 15:27 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-29 9:32 Possible to make nfs aware of a inotify watch has been set Stef Bon
2012-11-29 14:03 ` Myklebust, Trond
2012-11-29 14:49 ` Stef Bon
2012-11-29 14:54 ` Myklebust, Trond
2012-11-29 15:22 ` simo [this message]
2012-11-29 15:33 ` Myklebust, Trond
2012-11-29 16:28 ` Steve French
2012-11-29 17:05 ` Myklebust, Trond
2012-11-29 16:39 ` Stef Bon
2012-11-29 17:11 ` Myklebust, Trond
2012-11-29 20:05 ` simo
2012-11-29 21:09 ` Myklebust, Trond
2012-11-29 22:26 ` simo
2012-11-29 20:10 ` Stef Bon
2012-11-29 20:20 ` Al Viro
2012-11-29 20:31 ` Stef Bon
2012-11-29 21:16 ` Al Viro
2012-11-29 23:14 ` Stef Bon
2012-11-29 23:44 ` Steve French
2012-11-30 7:10 ` Stef Bon
2012-11-30 7:19 ` Stef Bon
2012-11-30 13:37 ` Bernd Petrovitsch
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1354202525.4064.1.camel@pico.ipa.ssimo.org \
--to=idra@samba.org \
--cc=Trond.Myklebust@netapp.com \
--cc=linux-cifs@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=stefbon@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).