(Illustration by Gaich Muramatsu)
On Sat, Jul 24, 1999 at 02:30:39PM +0100, Nix wrote: > Yes, this subject is seriously meant :) > > I would like to install coda on this site (and have a test installation > running OK) and I'd like to move some stuff that other people can see > over to coda. > > Problem: a couple of machines don't have remotely enough physical memory > to run the client (8Mb max, and they've got to run other things in there > too). So I thought of NFS-exporting /coda from one of the coda boxes to > the small boxes. > > Nice idea, but unfortunately the Linux nfsd does, er, evil tricks, like > using setfsuid() to transform itself into other users, and so forth. Hi, That is not a problem, because Coda already uses the fsuid to determine which user is accessing the filesystem. We needed that for exporting /coda with, for instance, Samba. > Effectively, the nfsd will need the ability to become any user at any > time, and will need to hold all tokens :( or so it seems to me. A nfs-client user needs some way of obtaining a token for his uid on the nfs-server/coda-client. They are kept around by the coda-client. So the nfs daemon doesn't need to know about it. > Am I missing something? Is there a way to do this? Is anyone doing it? I did it with the userspace nfsd, the only funny thing was that at first it didn't want to export any network-filesystem. However if you add the --re-export flag to nfsd it will be able to export filesystems like /coda. > (If not it probably means `no coda here', which is a bit of a bugger, > because it looks superb, if you ignore the blasted separate-from-Unix > authentication system...) Well, the authentication system currently isn't even separated enough to allow for sharing volumes between administrative cells. For that we need to add at least uid mappings, and a way of validating authentication tokens that have been generated in a different domain. The Unix authentication system really only works well on a single machine, or a tightly controlled network. But as soon as you scale up to a distributed network with multiple administrative authorities is doesn't work that well anymore. JanReceived on 1999-07-24 14:18:15