RE: Possible to make nfs aware of a inotify watch has been set.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> -----Original Message-----
> From: Stef Bon [mailto:stefbon@xxxxxxxxx]
> Sent: Thursday, November 29, 2012 9:49 AM
> To: Myklebust, Trond
> Cc: linux-nfs@xxxxxxxxxxxxxxx; linux-cifs
> Subject: Re: Possible to make nfs aware of a inotify watch has been set.
> 
> 2012/11/29 Myklebust, Trond <Trond.Myklebust@xxxxxxxxxx>:
> >> -----Original Message-----
> >>
> >> 1. while the filesystems are using credentails or tickets to get
> >> access to a remote resource, this is a bit difficult for notifyfs.
> >> Notifyfs bypasses that. Maybe this leads to permissions/abuse I
> >> cannot see directly.
> >
> > Lack of security is a showstopper. There are good reasons why inotify won't
> allow you to monitor files for which you don't have access permissions.
> >
> 
> Let me explain, I think you not understand fully.
> 
> Notifyfs does not allow users/clients to set a watch if there are no read
> permissions (the object and access for the whole path to it), so there are no
> security issues there.
> 
> What I mean is that any program can contact the remote notifyfs server, and
> this remote notifyfs server cannot figure out it's a valid request from another
> notifyfs server, or a program faking that.
> In the construction I describe it does not check that (yet).
> 
> >>
> >> What do you think, is the latest option possible??
> >
> > So what is the killer app for inotify on NFS/CIFS/FUSE? What programs do
> you need to run on a NFS/CIFS/FUSE client that use inotify and that wouldn't
> be better off running on the server instead?
> >
> 
> What do you mean with "better off running on the server instead"?
> There are a lot of programs interested in fs changes, like a simple file
> manager. I think it's a very nice feature to see changes right away in the view.
> It's not a killer app, but a think the whole user experience is improving when
> your system is able to keep a view (like a view in the file manager) up to
> date.
> 
> > IOW: whose problem are you trying to solve?
> 
> I think that enabling fs notify on network filesystems like nfs, cifs and fuse is
> a good thing (see above). On systems like Windows and iOS since long time
> this works.
> 
> You do not agree??

No. I like having a reason for adding kernel functionality.

Trond
 
��.n��������+%������w��{.n�����{��w���jg��������ݢj����G�������j:+v���w�m������w�������h�����٥
[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux