2008-05-05 18:27:18

by Clay McClure

Subject: Re: 'noacl' NFS parameter seems ineffective (Fedora Core 7)

Trond Myklebust <trond.myklebust <at> fys.uio.no> writes:

> On Fri, 2007-07-06 at 09:40 -0400, Peter Staubach wrote:
> > It was misguided on someone's part to think that no ACLs meant that
> > checking the mode bits for permissions was sufficient.
>
> Yup.

It seems to me that disabling ACCESS might prevent clients from knowing
whether an operation is allowed, but it would not allow clients to bypass
server ACLs. From a security perspective, then, I would think disabling
ACCESS would not affect the correctness of the protocol.

In other words, if a client with ACCESS disabled determined (by mode
bits alone) that a read operation was allowed, and issued a READ call,
would the server still determine whether the request was allowed
(according to its ACL and user mapping policy), and return
NFS3ERR_ACCES if not?

> The correct way to deal with the problem of too many ACCESS calls
> was rather to improve the caching. There should be a vast difference
> between a 2.6.19 kernel or higher and earlier versions when it comes to
> the ability to cache credentials from multiple users and I hope that
> addresses the problems that people were seeing.

ACCESS calls make up 17% of the NFS ops generated by our application
running on a stock CentOS 5 2.6.18 kernel. We don't use ACLs or root
mapping. One user (root) performs all file access on the NFS volume
in question.

Would the credential caching you mention in 2.6.19 help us reduce the
number of ACCESS operations we see (even though only one user is
performing file I/O)?

Is it safe to apply a patch to eliminate ACCESS altogether?

Thanks,

Clay
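
The 17% figure above is a share of NFS operations, and one way to measure that share for a single workload on a Linux client is to diff two snapshots of the cumulative counters in `/proc/net/rpc/nfs`. The following is an added example, not part of the original message or of any kernel patch; the function names are hypothetical and the two snapshots are constructed sample data.

```python
# NFSv3 procedure order (RFC 1813), which is the column order of the
# "proc3" line in /proc/net/rpc/nfs on a Linux client.
NFS3_PROCS = [
    "NULL", "GETATTR", "SETATTR", "LOOKUP", "ACCESS", "READLINK", "READ",
    "WRITE", "CREATE", "MKDIR", "SYMLINK", "MKNOD", "REMOVE", "RMDIR",
    "RENAME", "LINK", "READDIR", "READDIRPLUS", "FSSTAT", "FSINFO",
    "PATHCONF", "COMMIT",
]

def parse_proc3(text):
    """Return {procedure: cumulative call count} from the 'proc3' line."""
    for line in text.splitlines():
        fields = line.split()
        if fields and fields[0] == "proc3":
            declared = int(fields[1])          # number of counters that follow
            counts = [int(f) for f in fields[2:]]
            if declared != len(counts) or declared != len(NFS3_PROCS):
                raise ValueError("unexpected proc3 layout: %r" % line)
            return dict(zip(NFS3_PROCS, counts))
    raise ValueError("no proc3 line found")

def op_shares(before, after):
    """Percentage of each procedure among calls issued between two snapshots."""
    delta = {op: after[op] - before[op] for op in NFS3_PROCS}
    if any(n < 0 for n in delta.values()):
        raise ValueError("counters went backwards (reboot or module reload?)")
    total = sum(delta.values())
    if total == 0:
        return {op: 0.0 for op in NFS3_PROCS}
    return {op: 100.0 * n / total for op, n in delta.items()}

def access_share(before_text, after_text):
    """ACCESS calls as a percentage of all NFSv3 calls in the interval."""
    return op_shares(parse_proc3(before_text), parse_proc3(after_text))["ACCESS"]

# Constructed sample snapshots (not real measurements).
SNAP_BEFORE = """net 0 0 0 0
rpc 1000 0 0
proc3 22 0 300 10 200 150 0 250 80 5 0 0 0 3 0 2 0 0 0 0 0 0 0
"""
SNAP_AFTER = """net 0 0 0 0
rpc 2000 0 0
proc3 22 0 600 10 400 320 0 500 160 5 0 0 0 3 0 2 0 0 0 0 0 0 0
"""

if __name__ == "__main__":
    # On a live client, read /proc/net/rpc/nfs before and after the workload.
    print("ACCESS share: %.1f%%" % access_share(SNAP_BEFORE, SNAP_AFTER))
```

Taking the same two-snapshot measurement on each kernel under comparison shows whether the ACCESS share actually changes for the workload.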