From: Trond Myklebust <trondmy@hammerspace.com>
To: "jlayton@kernel.org" <jlayton@kernel.org>,
"dan.f.shelton@gmail.com" <dan.f.shelton@gmail.com>
Cc: "tom@talpey.com" <tom@talpey.com>,
"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>
Subject: Re: Public NFSv4 handle?
Date: Tue, 13 Feb 2024 20:58:59 +0000 [thread overview]
Message-ID: <3fa863dc2c1ec75416704a9cdaa17bf1a2e447e4.camel@hammerspace.com> (raw)
In-Reply-To: <CAAvCNcAsow-QTPYLm0fUNX3K5X4Aci=aFi+hi4a0S8k19oa-KA@mail.gmail.com>
On Tue, 2024-02-13 at 21:28 +0100, Dan Shelton wrote:
> [You don't often get email from dan.f.shelton@gmail.com. Learn why
> this is important at https://aka.ms/LearnAboutSenderIdentification ]
>
> On Fri, 9 Feb 2024 at 16:32, Jeff Layton <jlayton@kernel.org> wrote:
> >
> > On Thu, 2024-02-08 at 21:37 -0500, Tom Talpey wrote:
> > > On 2/8/2024 7:19 PM, Dan Shelton wrote:
> > > > ?
> > > >
> > > > On Thu, 25 Jan 2024 at 02:48, Dan Shelton
> > > > <dan.f.shelton@gmail.com> wrote:
> > > > >
> > > > > Hello!
> > > > >
> > > > > Do the Linux NFSv4 server and client support the NFS public
> > > > > handle?
> > >
> > > Are you referring the the old WebNFS stuff? That was a v2/v3
> > > thing,
> > > and, I believe, only ever supported by Solaris.
> > >
> >
> > One more try! I think my MUA was having issues this morning.
> >
> > NFSv4.1 supports the PUTPUBFH op:
> >
> > https://www.rfc-editor.org/rfc/rfc8881.html#name-operation-23-putpubfh-set-p
> >
> > ...but this op is only for backward compatibility. The Linux server
> > returns the rootfh (as it SHOULD).
>
> No, I do not consider this "backward compatibility". The "public"
> option is also intended for public servers, like package mirrors
> (e.g.
> Debian), to have a better solution than http or ftp.
>
PUTPUBFH offers no extra security features over PUTROOTFH. It is
literally just a way to offer a second point of entry into the same
exported filesystem.
A more modern approach would be to create 2 containers on the same
host: one that shares the full namespace to be exported, and one that
shares only the bits of the namespace that are considered "public".
That approach requires no extra patches or customisation to existing
kernels.
--
Trond Myklebust
Linux NFS client maintainer, Hammerspace
trond.myklebust@hammerspace.com
next prev parent reply other threads:[~2024-02-13 20:59 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-25 1:48 Public NFSv4 handle? Dan Shelton
2024-02-09 0:19 ` Dan Shelton
2024-02-09 2:37 ` Tom Talpey
2024-02-09 11:09 ` Jeff Layton
2024-02-09 14:52 ` Jeff Layton
2024-02-09 15:32 ` Jeff Layton
2024-02-13 20:28 ` Dan Shelton
2024-02-13 20:42 ` Jeff Layton
2024-02-13 20:58 ` Trond Myklebust [this message]
2024-02-14 6:12 ` Cedric Blancher
2024-02-15 17:25 ` Frank Filz
2024-02-13 21:16 ` Chuck Lever III
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3fa863dc2c1ec75416704a9cdaa17bf1a2e447e4.camel@hammerspace.com \
--to=trondmy@hammerspace.com \
--cc=dan.f.shelton@gmail.com \
--cc=jlayton@kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=tom@talpey.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).