Re: knfs mounts

Peter Benie (pjb1008@cam.ac.uk)
Wed, 26 Aug 1998 17:48:03 +0100

David Woodhouse writes ("Re: knfs mounts "):
>
> > > > Should knfs let me mount /usr/src if I have exported /usr?
> > > It better.
> > It doesn't though. It also won't allow you to export a directory
> > farther down the tree unless that directory is a mount point.
>
> Last time I asked about this, about a year ago IIRC, the answer seemed to be
> "Well, don't do that then".
>
> So I didn't - I'm still using the user-space server, which is a pity, as I
> could have done with the improved performance and NFS locking in 2.2.
>
> I believe the reasoning was that a malicious client could still manage to
> guess the inode numbers for the root of the partition (/usr in this
> case)

That reasoning doesn't make sense. Since you've exported /usr, a
client can just ask the mountd what the filehandle for /usr is - it
doesn't have to do any guesswork.

> hence access it, so there was no point in specifying a subdirectory as a
> possible mount point.
>
> The fact that real clients may depend on being able to do so wasn't a
> sufficient reason to introduce the extra complexity required to handle this
> case, and I didn't have the time or knowledge to do it myself.

When a filesystem is mounted, mountd returns the NFS filehandle for
the directory being mounted. All you want is for mountd to return the
filehandle of a directory under the exported mount point.

mountd should also follow symlinks when a mount is being done; the
mount will only work if the target of the symlink is exported to the
client. This enables you to have an official view of what directories
should be mounted which is separate from the layout of the partitions
on disk. (You put a symlink in which points from the official name to
where the data is actually stored.)

Peter

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html