On Wed, Jun 27, 2001 at 04:27:55PM -0400, Greg A. Woods wrote:
> [ On Wednesday, June 27, 2001 at 21:45:23 (+0200), Manuel Bouyer wrote: ]
> > Subject: Re: very weird NFS/VND error during "make depend" of kernel....
> >
> > SunOS-5's nfsd doesn't do any check, only mountd does. So if you can get (or
> > guess) a filehandle, you can access it from anywhere without check.
> 
> Hmmm... yes....  So what about doing what SunOS documents instead of
> what they actually do, i.e. have nfsd check permissions on the first
> access by a given client for a given resource and then remember that
> it's authorised (if it is).  Would this require all nfsd's to share this
> info?  Is this getting too complex to be safe (as compared to just
> always checking the current exports list on every access)?

I think this is the same thing: you have to check something when
a client comes it anyway (it may be allowed to access one mount point
but not one other).
I actually like to be able to deny access to a client on the fly, without
need to umount the filesystem on the client.

--
Manuel Bouyer <bouyer@antioche.eu.org>
--