From: Conrad Minshall (conrad@apple.com)
Date: 03/11/99-05:15:25 PM Z
Message-Id: <l03130304b30df24bc0f6@[17.202.43.185]>
Date: Thu, 11 Mar 1999 15:15:25 -0800
From: Conrad Minshall <conrad@apple.com>
Subject: Re: enumerating exports

At 4:00 AM -0800 3/11/99, Mike Eisler wrote:
>> Perhaps a similar facility could be made available by NFSv4 servers.
>> For instance, if there was an informal convention that a "contents" file
>> at the server's root contain a server welcome. The file would be
>> constructed by the server's sysadmin - much in the same way as an /etc/motd
>> on a UNIX system. There wouldn't need to be any specific features in the
>> protocol to support this convention - though the spec could mention it
>> as a "MAY" item. The sysadmin could put either a helpful list of
>> interesting directories and a description of their contents - or just
>> a "Get Lost" message if it's a private machine.

>However, a less informal mechanism might be more desirable, such as
>a RECOMMENDED attribute which when applied to the ROOTFH, returns the
>enumerated list of path names

Good! This mechanism meets the needs I was anticipating. More below...

>My limited experience
>with Appleshare for instance on MAC servers and clients was that
>the server didn't export anything, and access to a folder/disk volume
>was controlled by a per folder password. I found that to be a nice
>change. With that model it is impractical for the server to return an
>export list because to do so, it would have to recursively
>walk its entire tree to determine the folders the client had access to.

Appleshare servers do return export lists. Oversimplifying, it goes like
this:

Client sends an FPGetSrvrInfo. Server's reply lists what protocol
versions and user authentication methods may be used. This is as far as
a client can get without having an authenticated session.

Client obtains a session, establishing itself as some "user" name
already known to the server.

Client sends an FPGetSrvrParms. Server's reply lists volumes exported...
all of them, even ones to which this "user" may be allowed no further
access.

Footnotes:

Servers may share (export) any folder or volume, but to clients they all
look like volumes.

The protocol allows for each "volume" to have an additional independent
password protection. I'm unaware of any usage of this feature.

Based upon the "user" name authenticated, an owner/group/world
permissions model is applied to all files and directories.

--
Conrad Minshall ... conrad@apple.com ... 408 974-2749
Apple Computer ... Mac OS X Core Operating Systems ... Filesystems & Kernel
Alternative email address: rad@acm.org.
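
The three-step exchange described in the message above, as a simplified model added here as an example (not part of the original post, and not AFP's wire format). Apart from the two AFP call names, the class, method and field names, the per-volume access set and the sample users and volumes are assumptions made for illustration.

```python
# Simplified model of the exchange above; all names except the two AFP calls are hypothetical.
import hmac
from dataclasses import dataclass, field

class NotAuthenticated(Exception): pass
class AccessDenied(Exception): pass

@dataclass
class Volume:
    name: str
    allowed_users: set   # stand-in for the owner/group/world check
    password: str = ""   # optional per-volume password; empty means none

@dataclass
class Server:
    users: dict          # user name -> password (constructed sample data)
    volumes: list
    sessions: set = field(default_factory=set)

    def fp_get_srvr_info(self):
        # Answered without a session: versions and auth methods only.
        return {"versions": ["example-version"], "uams": ["example-uam"]}

    def login(self, user, password):
        stored = self.users.get(user)
        if stored is None or not hmac.compare_digest(stored, password):
            raise NotAuthenticated(user)
        self.sessions.add(user)
        return user  # the user name stands in for a session handle

    def fp_get_srvr_parms(self, session):
        if session not in self.sessions:
            raise NotAuthenticated("session required")
        # One entry per exported volume: no per-user filtering, no tree walk.
        return [(v.name, bool(v.password)) for v in self.volumes]

    def open_volume(self, session, name, volume_password=""):
        if session not in self.sessions:
            raise NotAuthenticated("session required")
        vol = next((v for v in self.volumes if v.name == name), None)
        if vol is None or session not in vol.allowed_users:
            raise AccessDenied(name)
        if vol.password and not hmac.compare_digest(vol.password, volume_password):
            raise AccessDenied("volume password")
        return vol

def demo_server():  # constructed sample data
    vols = [Volume("Public", {"alice", "bob"}), Volume("Payroll", {"alice"}),
            Volume("Archive", {"alice"}, "vol-pw")]
    return Server({"alice": "a-pw", "bob": "b-pw"}, vols)
```

In this model the listing costs one pass over the export table and reveals volume names to every authenticated user; the access decision is made only when a volume is opened.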