Grant Beattie <grant@grunta.com> writes:

> Hmm, if the only choices are:
> 
> 	* export one directory
> 	* export all directories
> 
> then I think the behaviour is particularly broken (and the error
> mentioned didn't even come close to describing the real problem or
> cause, which doesn't help).

It's worse; even if you say "export one directory", all directories
are avaliable to a patient adversary. 

> There are countless situations where it is necessary to export more
> than one directory, but not appropriate to export the whole file
> system. This is a reasonable fundamental requirement of an NFS server,
> and the fact it isn't possible seems rather bizarre.

Well, it seems like a fine requirement, but it pretty well flies in
the face of how NFS was designed and implemented. It's a thin veneer
of abstraction above the traditional FFS, and dealing with access
restrictions on a finer grain than per-filesystem is beyond it.

Any Unix vendor who claims otherwise about their NFS implementation is
misrepresenting themselves.

        - Nathan