Re: [PATCH/RFC: nfs-utils] Common systemd unit files for nfs-utils.

linux-nfs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Anthony Messina <amessina@messinet.com>
To: linux-nfs@vger.kernel.org
Subject: Re: [PATCH/RFC: nfs-utils] Common systemd unit files for nfs-utils.
Date: Tue, 04 Feb 2014 06:42:12 -0600	[thread overview]
Message-ID: <1757036.O2OPYTypu1@linux-ws1.messinet.com> (raw)
In-Reply-To: <52F003A1.3060908@RedHat.com>

[-- Attachment #1: Type: text/plain, Size: 1941 bytes --]

On Monday, February 03, 2014 04:01:21 PM Steve Dickson wrote:
> This changes the current API... Today to enable/start this service 
> today one does:
> 
>   systemctl enable nfs-server
>   systemctl start nfs-server
> 
> which would change to:
> 
>   systemctl enable nfs-server.target
>   systemctl start nfs-server
> 
> with the same daemons being started.
> This changed will cause existing scripts to fail... 
> I guess I don't see the point of having a .target file. 
> 
> How is rpc.svcgssd enabled? Since the .service file does
> not have a [Install] section the systemctl enable rpc.svcgssd
> fails.
> 
> Also how does gss-proxy come to play in all this? Maybe we 
> just use  gss-proxy by default and retire rpc.svcgssd.

Usually just a quite listener (end-user & small-time sysadmin) on this ML...

+1 for gss-proxy by default (for Fedora anyway).  I've been using it 
throughout F19 extensively in the KRB5/NFSv4.1 environment with great success.  
I have nfs-secure-server.service "masked" via systemd to prevent it from being 
started.

There seems to be only one strange issue I've come across with gss-proxy vs. 
rpc.svcgssd: https://fedorahosted.org/gss-proxy/ticket/98.  This is with 
regard to how access for the "nfsnobody" user is handled.  The ticket attempts 
to show that with rpc.svcgssd, a host with host credentials and a user without 
credentials can still access NFS shares with 0755 directories and 0644 files 
(via the host credentials and mapped to the nfsnobody user).  With gss-proxy, 
I had to create user credentials for kojibuilder@REALM because the access 
wasn't allowed via the nfsnobody path.  I'm not sure if this is resolved, or 
by design, etc.  But it is the only issue I've seen with gss-proxy vs. 
rpc.svcgssd.

Thanks.  -A

-- 
Anthony - http://messinet.com - http://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

next prev parent reply	other threads:[~2014-02-04 12:48 UTC|newest]

Thread overview: 41+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-01-30  6:24 [PATCH/RFC: nfs-utils] Common systemd unit files for nfs-utils NeilBrown
2014-01-30 15:04 ` Weston Andros Adamson
2014-01-30 17:56   ` Weston Andros Adamson
2014-01-30 18:52     ` J. Bruce Fields
2014-01-30 22:50       ` NeilBrown
2014-01-30 23:17         ` Jim Rees
2014-01-30 20:06 ` Steve Dickson
2014-01-30 22:14   ` NeilBrown
2014-01-31 15:19     ` Steve Dickson
2014-01-31 16:15     ` Steve Dickson
2014-02-03 21:01 ` Steve Dickson
2014-02-03 22:34   ` NeilBrown
2014-02-04 16:20     ` J. Bruce Fields
2014-02-04 16:30       ` Chuck Lever
2014-02-04 19:00       ` Steve Dickson
2014-02-06 12:32         ` Simo Sorce
2014-02-05  3:09       ` NeilBrown
2014-02-05 15:56         ` Chuck Lever
2014-02-06  1:27           ` NeilBrown
2014-02-06 12:15             ` Simo Sorce
2014-02-06 16:09             ` Chuck Lever
2014-02-06 16:19               ` J. Bruce Fields
2014-02-10 20:50                 ` Steve Dickson
2014-02-11  4:50                   ` NeilBrown
2014-02-11 12:38                     ` Steve Dickson
2014-02-11 16:37                     ` J. Bruce Fields
2014-02-11 16:47                       ` Steve Dickson
2014-02-11 16:56                         ` J. Bruce Fields
2014-02-11 20:12                           ` Steve Dickson
2014-02-04 18:26     ` Steve Dickson
2014-02-04 18:48       ` Anthony Messina
2014-02-04 18:54         ` J. Bruce Fields
2014-02-05  3:55       ` NeilBrown
2014-02-11 12:56         ` Steve Dickson
2014-02-05  5:43       ` NeilBrown
2014-02-05 21:11         ` J. Bruce Fields
2014-02-06  0:58           ` NeilBrown
2014-02-13 19:39         ` Steve Dickson
2014-02-04 12:42   ` Anthony Messina [this message]
2014-02-04 13:24     ` Jeff Layton
2014-02-04 14:18       ` Anthony Messina

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1757036.O2OPYTypu1@linux-ws1.messinet.com \
    --to=amessina@messinet.com \
    --cc=linux-nfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).