Coda File System

Re: /coda has realm as symlink

From: Jan Harkes <jaharkes_at_cs.cmu.edu>
Date: Wed, 19 Oct 2005 12:26:00 -0400
On Wed, Oct 19, 2005 at 05:38:19PM +0200, Ivan Popov wrote:
> On Wed, Oct 19, 2005 at 08:08:21AM -0700, Phil Nelson wrote:
> > in that realm.   As I understand it, you can't even "cross mount" a
> > volume from servers for one realm into another realm's tree.
> 
> I would hope so but I am not sure.
> A freedom of such kind is IMHO very harmful as it opens wider a can of worms,
> including e.g. bypassing access limitations, set in higher level directories.

Not sure if it would give an access problem, but at the lowest level the
cross-realm mounts work just fine. We use them that way to mount the
realms in the /coda/ directory. There is a one-line test somewhere that
only allows this to work successfully if the cross-realm mount is seen
in the 'CodaRoot@localhost' volume.

> Another implication is that it can not be done consistently when
> the mountpoint and the volume belong to different administration domains.

It does work, although a bit confusing for the end user. If I
cross-mount somevolume@other.realm any accesses to that volume would be
done based on 'otherrealm' credentials. But the end user would think it
is part of the local realm, since the volume would be visible under
/coda/local.realm/

> We definitely have both problems as anyone can try to mount any volume
> inside a realm, but at least "inside a realm" implies "inside the same
> administration domain".

Hmm, I thought we needed system:administrator rights to create
mountpoints... I'll consider that one a bug.

Jan
Received on 2005-10-19 12:26:52