Subject: Re: nfs - export file
To: Nathan J. Williams <nathanw@MIT.EDU>
From: Andrew Brown <atatat@atatdot.net>
List: port-i386
Date: 09/27/2001 14:48:00
>> Then why do we offer the difference between exporting a directory and
>> exporting -alldirs? (I have to agree with Greg Woods on this point; either
>> offer no option, or offer all options.)
>
>Historical cruft, I'd say. Even our exports(5) man page admits this:
>
> Note that the -alldirs option should not be used as a security
> measure to make clients mount only those subdirectories that they
> should have access to. A client can still access the whole
> filesystem via individual RPCs if it wanted to, even if just one
> subdirectory has been mounted
if nfsd and moutnd talked a bit more, mountd could tell nfsd which
directory a host had mounted and nfsd could use vn_isunder() to find
out if the access was to a file in the right place, no?
or am i totally confusing too many things?
--
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org * "ah! i see you have the internet
twofsonet@graffiti.com (Andrew Brown) that goes *ping*!"
andrew@crossbar.com * "information is power -- share the wealth."