Matthew Dillon wrote:
:Now if I try to run it as root (again), it suddenly works. I guess that :our namecache isn't aware of the rootsquashing and thus grants access to :the cached vnode.Yes, this is simply because from the client's point of view, root is allowed to access everything, while from the server's point of view, any root cred accesses will be converted to UID -2.So if the data is not cached on the client, the request is passed to the server and rejected because uid -2 has no access to it. But once the data is cached on the client, the client can access it as root even if the server would otherwise not allow that. There are cache timeouts involved here too. Once the attributecache times out I'm not sure whether the next root-access will succeed or not... probably not.
Yes, but should we fix it (by querying always?) or is this a common problem for other implementations as well?
cheers simon -- Serve - BSD +++ RENT this banner advert +++ ASCII Ribbon /"\ Work - Mac +++ space for low $$$ NOW!1 +++ Campaign \ / Party Enjoy Relax | http://dragonflybsd.org Against HTML \ Dude 2c 2 the max ! http://golden-apple.biz Mail + News / \
