2012/11/29 Myklebust, Trond <Trond.Myklebust@xxxxxxxxxx>: >> -----Original Message----- >> >> 1. while the filesystems are using credentails or tickets to get access to a >> remote resource, this is a bit difficult for notifyfs. >> Notifyfs bypasses that. Maybe this leads to permissions/abuse I cannot see >> directly. > > Lack of security is a showstopper. There are good reasons why inotify won't allow you to monitor files for which you don't have access permissions. > Let me explain, I think you not understand fully. Notifyfs does not allow users/clients to set a watch if there are no read permissions (the object and access for the whole path to it), so there are no security issues there. What I mean is that any program can contact the remote notifyfs server, and this remote notifyfs server cannot figure out it's a valid request from another notifyfs server, or a program faking that. In the construction I describe it does not check that (yet). >> >> What do you think, is the latest option possible?? > > So what is the killer app for inotify on NFS/CIFS/FUSE? What programs do you need to run on a NFS/CIFS/FUSE client that use inotify and that wouldn't be better off running on the server instead? > What do you mean with "better off running on the server instead"? There are a lot of programs interested in fs changes, like a simple file manager. I think it's a very nice feature to see changes right away in the view. It's not a killer app, but a think the whole user experience is improving when your system is able to keep a view (like a view in the file manager) up to date. > IOW: whose problem are you trying to solve? I think that enabling fs notify on network filesystems like nfs, cifs and fuse is a good thing (see above). On systems like Windows and iOS since long time this works. You do not agree?? Stef Bon -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
