Re: [NFS] Re: Will NFSv4 be accepted?

From: Alexander Viro (viro@math.psu.edu)
Date: Wed Aug 14 2002 - 18:21:09 EST


On Wed, 14 Aug 2002, Brian Pawlowski wrote:

> > RPCSEC_GSS is not an argument for NFSv4...
>
> yes.
>
> But ACL support over the wire is an argument for V4 - and fine grained
> authorization coupled to strong authentication makes for a flexible
> security package.

Not really. With the quality of existing userland (Linux, Solaris, *BSD,
NT, etc.) _anything_ more complex than "I'm the only one who can create
or remove objects here" is a big, gaping hole. Which makes any theoretical
benefits (if any) of ACL-based schemes moot. Same (to slightly less extent)
applies to regular files.

In other words, if you need something more complex than usual - you are
screwed on the userland side, regardless of the kernel behaviour.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Thu Aug 15 2002 - 22:00:38 EST