Re: [remotefs-devel] permissions and automount

[Aleksey T. <ale...@gm...>]

On Mon, Mar 12, 2012 at 10:25 PM, Markus Grabner <gr...@ic...> wrote:


> It's use case 1. If user A logs into the system and wants to access data of
> user B, which user B decided to make readable (but not writeable) by everyone
> (e.g., permissions 0644), then user A can perform his tasks even if the server
> accesses the data with permissions of user A. However, if user A logs off, and
> user B logs in before the automount expires, then user B will not be able to
> modify his data since the server still tries to access B's data with the
> permissions of A. The same problem occurs with multiple users accessing
> concurrently, of course. Is this possible with remotefs?
>

Through different mount points - yes.

1. localhost:/home/A/shared,username=A -> 10.0.0.1:/var/shared,ugo
2. localhost:/home/B/shared,username=B -> 10.0.0.1:/var/shared,ugo

/var/shared on 10.0.0.1 might have files owned by both A and B. If you
use UGO for this export, then A can access 644 files of B in r/o, but
not in r/w, B can access his files normally using his own connection.
You can also access files concurrently with different permissions if
you use 2 connections. You need to put both connections to auto-mount,
of course.

Not possible using a single mount point though, but this is how
remotefs is designed and i'm pretty much like it this way. Management
of permissions on single connection will require major changes in
design that introduces security risks and et cetera.

P.S. Concurrency is not a strong point of remotefs, it's recommended
to use multiple connection for concurrent access when possible, even
you use the same user/permissions on server. On the other hand,
multiple connections are supposed to be cheap in remotefs.