2002-04-10 14:33:42

by Jean-Eric Cuendet

[permalink] [raw]
Subject: NFS v4 questions

Hi,
I have questions related to NFSv4
Will NFSv4 be able to check file access on a per file basis or like with
NFSv3, on a per share basis?
Will NFSv4 be like AFS or SMB speaking of ACL? And speaking of file
access? (Like /afs available to anyone but files/dirs in it being
checked for permissions on a file basis based on the krb5/afs ticket)

Thanks for infos.
-jec

--
Jean-Eric Cuendet
Linkvest SA
Av des Baumettes 19, 1020 Renens Switzerland
Tel +41 21 632 9043 Fax +41 21 632 9090
E-mail: [email protected]
http://www.linkvest.com
--------------------------------------------------------




_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs


2002-04-10 20:43:12

by Spencer Shepler

[permalink] [raw]
Subject: Re: NFS v4 questions

On Wed, Jean-Eric Cuendet wrote:
> Hi,
> I have questions related to NFSv4
> Will NFSv4 be able to check file access on a per file basis or like with
> NFSv3, on a per share basis?
> Will NFSv4 be like AFS or SMB speaking of ACL? And speaking of file
> access? (Like /afs available to anyone but files/dirs in it being
> checked for permissions on a file basis based on the krb5/afs ticket)

An NFS server generally share/exports a particular filesystem resource
to clients; this has not changed with NFSv4. In fact, NFSv4 does not
specify exactly how resources are determined for access by a set of
clients. However, most implementations will continue to follow the
model of exporting a particular directory and the contents underneath
that directory. Most implementations that I am aware of will continue
with the model of exporting to a set of clients but this is not
necessary. With the use of kerberos/spkm3/lipkey, an NFS server can
verify a user's credentials against directory/file ownership to
enforce appropriate access.

NFSv4 does define an ACL attribute so the client and server have a
mechanism to get and set the ACLs for a directory/file. However, ACL
can always be applied to the server's filesystem objects directly and
will be enforced there regardless of support in the filesystem
protocol.

--
Spencer


_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs