Re: Alternate solutions (Was: Re: NFS still has caching problem)

Craig Brozefsky (cosmo@ebs.net)
Tue, 16 Jul 1996 14:16:23 -0500 (CDT)


On Sun, 14 Jul 1996, Alan Cox wrote:

> The world is waiting for a decent networked file system with
>
> o Security
> o Replication support
> o Fast bulk transfer
> o Low latency

I use a cluster of PCs, services split between them, and I have run into
several of the limitations of NFS. First, I designed my network to
minimize the use of NFS as much as possible, for both security and
reliability issues. Knowing some of the exploit scripts going around the
net now, I am very worried about my NFS server/client systems. My biggest
concern now is security, so instead of building a whole new network file
system from scratch I would like to take a look at modifying NFS to
satisfy the feature list you gave. Ensuring the security of the NFS
server is my major goal, so running over the Universal NFS Server 3.X
code might be a good start, and then providing some kind of
cryptographically secure method of client authentication, whether it be
MD5 hashing of the client's IP address and a shared secret configured
manually or waiting for IPsec. Has anyone made attempts at this before?
I would like to feel confident that I am not going to be able to trick
the server portion of NFS into giving me file handles on systems outside
of those I've configured it to serve, or that permissions could be
subverted.

> I don't see any reason why the Linux community shouldn't write it.

Do we want to write a whole new filesystem from scratch or just take care
of some issues in NFS? For me those would be security and reliability. I
think that the more "noble" of the two solutions is to build a new one
designed right from the and implemented with security in mind, as well as
the replication support, and other features you listed, but do we have
time and resources to accomplish the "noble" solution?

Craig Brozefsky cosmo@ebs.net
System Administrator vox: 312-226-1675
EBS.NET http://www.ebs.net
*****available for limited time only in this dimension****
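
Added example, not part of the original message and not code from any NFS server: a Python sketch of the "MD5 of the client's IP address and a shared secret" check mentioned above, next to an assumed challenge-response variant (HMAC-MD5 over a fresh server nonce) that shows why a tag depending only on the IP and the secret can be replayed by anyone who observes it. The `MountServer` class, function names, secret and address are all constructed for illustration.

```python
import hashlib
import hmac
import os

SECRET = b"constructed-shared-secret"  # constructed value, set by hand on both ends

def static_tag(secret, client_ip):
    """Scheme as stated in the message: MD5 over the client's IP and the secret."""
    return hashlib.md5(client_ip.encode() + secret).digest()

def challenge_tag(secret, client_ip, nonce):
    """Assumed variant: HMAC-MD5 over a fresh server nonce plus the client's IP."""
    return hmac.new(secret, nonce + client_ip.encode(), hashlib.md5).digest()

class MountServer:
    """Hypothetical server side; remembers one outstanding nonce per client IP."""

    def __init__(self, secret):
        self.secret = secret
        self.pending = {}

    def verify_static(self, client_ip, tag):
        # Constant-time comparison; the expected tag never changes for a given IP.
        return hmac.compare_digest(tag, static_tag(self.secret, client_ip))

    def issue_nonce(self, client_ip):
        nonce = os.urandom(16)
        self.pending[client_ip] = nonce
        return nonce

    def verify_challenge(self, client_ip, tag):
        nonce = self.pending.pop(client_ip, None)  # each nonce is single use
        if nonce is None:
            return False
        expected = challenge_tag(self.secret, client_ip, nonce)
        return hmac.compare_digest(tag, expected)

def demo():
    srv = MountServer(SECRET)
    ip = "192.0.2.10"  # constructed address from the documentation range
    tag = static_tag(SECRET, ip)
    static_first = srv.verify_static(ip, tag)
    static_replay = srv.verify_static(ip, tag)   # identical bytes accepted again
    resp = challenge_tag(SECRET, ip, srv.issue_nonce(ip))
    chal_first = srv.verify_challenge(ip, resp)
    chal_replay = srv.verify_challenge(ip, resp)  # nonce already consumed
    srv.issue_nonce(ip)
    chal_stale = srv.verify_challenge(ip, resp)   # old response, new nonce
    return static_first, static_replay, chal_first, chal_replay, chal_stale
```

Either form authenticates only the exchange that carries the tag; the NFS requests that follow it are not covered.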