Paul, it's good to hear from you. Been about 12 years. AUTH_SYS provides what some people call "pretend security." The server enforces a security policy based on user and group IDs. But it only pretends to enforce the policy, because it allows clients to break the rules if they want. Some people claim this is useless, and AUTH_SYS should go away, to be replaced by "none" or "kerberos." I disagree. It's useful for preventing mistakes among a group of users who trust each other but sometimes get sloppy. My home network would be a good example. A compute cluster might be another. I do find root_squash useful but I'm not sure there's much point in adding more squash options. For one thing it might lull people into thinking they're getting something more than just pretend security. If you have users who might try to break in to a machine by setting setgid bits, then AUTH_SYS is not for you. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
