Subject: Re: nfs - export file
To: Grant Beattie <grant@grunta.com>
From: Steven M. Bellovin <smb@research.att.com>
List: port-i386
Date: 09/25/2001 09:00:28

In message <20010925155908.B346@fang.grunta.com>, Grant Beattie writes:
>On Tue, Sep 25, 2001 at 01:29:30AM -0400, Nathan J. Williams wrote:
>
>> > There are countless situations where it is necessary to export more
>> > than one directory, but not appropriate to export the whole file
>> > system. This is a reasonable fundamental requirement of an NFS server,
>> > and the fact it isn't possible seems rather bizarre.
>> 
>> Well, it seems like a fine requirement, but it pretty well flies in
>> the face of how NFS was designed and implemented. It's a thin veneer
>> of abstraction above the traditional FFS, and dealing with access
>> restrictions on a finer grain than per-filesystem is beyond it.
>> 
>> Any Unix vendor who claims otherwise about their NFS implementation is
>> misrepresenting themselves.
>
>Are you sure? Am I missing something?
>
>I've been doing NFS on Solaris for years and have been able to use
>different options per export for as long as I remember.
>
>I would have considered it also to be broken, had it not allowed such
>configurations to work.
>

I'm not certain, but I was about to post something similar to what 
Nathan said.  And the magic word in his post (though elided from the 
portion quoted above) is "adversary".

		--Steve Bellovin, http://www.research.att.com/~smb
				  http://www.wilyhacker.com