On Thu, Apr 22, 2010 at 03:16:08PM +0200, Harald Dunkel wrote: > Hi Daniel, > > On 04/22/10 11:41, Daniel P. Berrange wrote: > > > > This is unfixably broken then. NFS security relies on all clients using > > the same UID/GID <-> name mappings. > > > > How comes that we don't run into a similar security problem > for iSCSI? In NFS, the user/group IDs for files are stored on the NFS server. Thus all clients must have same interpretation for these IDs. In iSCSI the user/group IDs are assigned to the block device nodes which are always local to each client logged into the iSCSI server. Thus there is no requirement for the same interpretation on all clients Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list