On Fri, Jun 1, 2018 at 3:16 PM, Trond Myklebust <trondmy@xxxxxxxxxxxxxxx> wrote: > ...and all I'm doing is pointing out that as long as you insist on > client enforcement of file security, then you are heavily limiting the > list of servers and server configurations that you will be able to work > safely with. There is a reason why, in all the 30 years since the NFSv2 > spec was released, nobody has built such a client. How do you define "safely"? Is it safe for root to do cp -a /nfs/remotedir /tmp/localdir ? That's essentially what an overlayfs mount with an NFS layer does with respect to access permissions: - remote files are not modifiable to anyone, unless server allows - remote files *readable to root* will provide access based on local DAC check. Does that need to be made clear in the docs? Surely. But it does NOT mean it's dangerous or that it's not useful with an arbitrary NFS server (although my guess is that 99% will involve knfsd). Thanks, Miklos -- To unsubscribe from this list: send the line "unsubscribe linux-unionfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html