> > ObBug: i have recently discovered that it is possible to re-export an
> > imported filesystem under Linux. to illustrate:
> >
> > hostA --> exports /usr/share to -access=hostB
> > hostB --> a linux box. re-exports /usr/share to everyone
> > hostC --> not implicitly trusted by hostA, mounts /usr/share
> >
> > aside from any security concerns, this would certainly thrash your nfsd's.
> > does anyone have any experience with this? i have only recently discovered
> > this, and have not had time to peruse it in depth.
>
> Are you sure about this? Any system using nfs will allow this, but the
> directory they mount from hostB is the mount directory, not the /usr/share
> from hostA.

Most UNIX implementations have the NFS server in the kernel. With these
implementations, you usually export filesystems (as understood by the kernel),
and clients cannot cross filesystem boundaries when querying the server.

The Linux NFSD is a user-space NFS server. It doesn't have magic hooks into
the kernel; it accesses the filesystem the same way ordinary users do. As a
result, it has *no idea* what a filesystem is; it exports "directory trees"
instead.

The advantage is that exporting an entire fileserver is trivial; the
disadvantage is that exporting an entire fileserver is trivial...

[ SGI, and some others, have an option that allows the kernel NFS
implementation to export directory hierarchies instead of filesystems, so
this is nothing new. That it's the default, and only, configuration on Linux
is new... ]

--
C. Harald Koch         | University of Toronto Computing & Communications
harald@canet.ca        | Network & Operations Services
+1 416 978 0992 (voice) | External Network Facilities Management
+1 416 978 6620 (fax)   | 4 Bancroft Ave., Rm 101, Toronto, ON M5S 1C1
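
An audit check for the situation discussed in this thread, added here as an example and not part of the original message: it cross-references an exports file with the mount table and flags exported directory trees that sit on, or contain, an NFS-imported filesystem. The sample file contents, the host names hostD and hostE, and the function names are constructed for illustration; octal escapes and line continuations in the two files are not handled.

```python
import posixpath

NETWORK_FS = {"nfs", "nfs4"}  # filesystem types treated as imported

# Constructed sample data for hostB (hypothetical, not from the original post).
SAMPLE_EXPORTS = """\
# constructed exports file
/usr/share   *(ro)
/home        hostD(rw)
/            hostE(ro)
"""
SAMPLE_MOUNTS = """\
/dev/sda1 / ext2 rw 0 0
hostA:/usr/share /usr/share nfs ro 0 0
/dev/sda2 /home ext2 rw 0 0
"""

def parse_exports(text):
    """Return the exported paths (first field of each non-comment line)."""
    paths = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            paths.append(posixpath.normpath(line.split()[0]))
    return paths

def parse_mounts(text):
    """Return (mount_point, fstype, source) from /proc/mounts-style lines."""
    rows = (line.split() for line in text.splitlines())
    return [(posixpath.normpath(f[1]), f[2], f[0]) for f in rows if len(f) >= 3]

def is_within(path, root):
    """True if path is root itself or lies beneath it."""
    return root == "/" or path == root or path.startswith(root + "/")

def find_reexports(exports_text, mounts_text):
    """Flag exports that sit on, or contain, an imported filesystem."""
    mounts = parse_mounts(mounts_text)
    findings = []
    for export in parse_exports(exports_text):
        holders = [m for m in mounts if is_within(export, m[0])]
        if holders:
            # Longest mount point owns the path; on a tie the later mount wins.
            owner = max(enumerate(holders), key=lambda im: (len(im[1][0]), im[0]))[1]
            if owner[1] in NETWORK_FS:
                findings.append((export, "on-import", owner[2]))
        # A tree-exporting server also serves anything mounted beneath the export.
        for mnt, fstype, src in mounts:
            if fstype in NETWORK_FS and mnt != export and is_within(mnt, export):
                findings.append((export, "contains-import", src))
    return findings

if __name__ == "__main__":
    for finding in find_reexports(SAMPLE_EXPORTS, SAMPLE_MOUNTS):
        print(*finding)
```
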