On 08/30/2011 01:34 PM, Trond Myklebust wrote: > On Tue, 2011-08-30 at 13:24 -0700, Boaz Harrosh wrote: >> On 08/30/2011 01:00 PM, Chuck Lever wrote: >> <> >>>> >>>> Won't the above check be rather expensive? You'll need to do a >>>> getxattr call on almost every path component of every lookup, >>>> right? >>>> >>>> I may be misremembering your talk from connectathon, but I thought >>>> you were planning to use a well-known mode for junctions that would >>>> cut down on the number of unnecessary getxattrs... >>> >>> Yes, that's the plan. To reduce overhead, the S_ISVTX bit must be >>> set before NFSD does the expensive xattr test. > > ...and mode bits otherwise set to 0 so nobody can access the mounted-on > directory. > >> from: stat(2) - Linux man page >> >> The 'sticky' bit (S_ISVTX) on a directory means that a file in that >> directory can be renamed or deleted only by the owner of the file, >> by the owner of the directory, and by a privileged process. >> >> Please explain how does it work? Once the junction is followed and >> mounted then the mode-bits get changed to the destination directory's >> mode bits? So the Server's junction mode-bits are never exposed, except >> in a local-fs file access on the server? > > Yes. > Nice trick. Thanks -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
