The proposal is to move the sharetab info out of /etc/dfs/sharetab
and into memory. Users can still get

Problem Statement

The /etc/dfs/sharetab file is used to store the currently shared exports. It contains all of the security information. Some services which reference it have a cache of entries, but for the most part, to access information on a share, you need to open and read in this file.

Since the sharetab data is stored in this file, to update the sharetab, you need permissions to write to the file:

[EMAIL PROTECTED] ~]> ls -la /etc/dfs/sharetab
-rw-r--r-- 1 root root 84176 Oct 27 11:58 /etc/dfs/sharetab

A desired feature for ZFS is the ability to delegate filesystem creation to normal users. Because the parent filesystem properties are inherited, it is very possible that a share point may need to be created for the child. Since you need to be root to write to the file, we either need to open up the permissions on the file or use some mechanism to change the effective uid of the user.

We don't want to change the permissions; in fact, we would prefer that there was no means to manually write to the file. Reading from the file is okay, but any changes made can bring down NFS access to the system.

Since ZFS does not use RBAC (it has its own security/authorization mechanism based on ACLs), this means that we will have to use a setuid program to change the file. setuid programs are not allowed in ON.

The root of the problem is that the sharetab data is backed in a file. If we were instead to keep the data in the kernel, we could avoid this problem. The data is not persistent across a reboot and thus does not need to be stored on disk. It is currently stored in a file to keep the data persistent across mountd being restarted.

A secondary concern is that because the sharetab is stored in /etc/dfs/sharetab and all entries need to be sequential, the adding of new shares has to in turn be sequential. In order to gain the scalability inherent in the sharemgr's concept of share groups, we want to parallelize access to the sharetab.

If all of the entries are in memory and only serialized when needed instead of all of the time, we could see scalability performance gains.
_______________________________________________ opensolaris-discuss mailing list [email protected]
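
A userland sketch of the idea in the post above, added here as an illustration and not code from the post or from OpenSolaris: shares live in a hash table with one lock per bucket, so adds to different buckets do not serialize, and the text form is produced only when a reader asks for it. The names `sharetab_init`, `sharetab_add` and `sharetab_snapshot`, the bucket count, the field sizes and the simplified three-field line are all assumptions.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NBUCKET 16 /* assumed; more buckets means less lock contention */
struct share { char path[128], fstype[16], opts[128]; struct share *next; };
static struct share *bucket[NBUCKET];
static pthread_mutex_t lock[NBUCKET];

void sharetab_init(void) {
    for (int i = 0; i < NBUCKET; i++) pthread_mutex_init(&lock[i], NULL);
}
static unsigned hash(const char *s) {
    unsigned h = 5381;
    while (*s) h = h * 33 + (unsigned char)*s++;
    return h % NBUCKET;
}
/* Add or replace the share for path. Only that path's bucket is locked and
 * no file is written, so callers need no write access to anything on disk.
 * Returns 0 on success, -1 on oversized input or allocation failure. */
int sharetab_add(const char *path, const char *fstype, const char *opts) {
    if (strlen(path) >= 128 || strlen(fstype) >= 16 || strlen(opts) >= 128) return -1;
    unsigned b = hash(path);
    int rc = 0;
    pthread_mutex_lock(&lock[b]);
    struct share *s = bucket[b];
    while (s && strcmp(s->path, path) != 0) s = s->next;
    if (!s && (s = calloc(1, sizeof *s)) != NULL) { /* new entry: link at head */
        strcpy(s->path, path);
        s->next = bucket[b];
        bucket[b] = s;
    }
    if (s) { strcpy(s->fstype, fstype); strcpy(s->opts, opts); } else rc = -1;
    pthread_mutex_unlock(&lock[b]);
    return rc;
}
/* Serialize on demand as "path<TAB>fstype<TAB>opts" lines (simplified format).
 * Returns the number of entries written, or -1 if buf is too small. */
int sharetab_snapshot(char *buf, size_t len) {
    size_t off = 0; int n = 0, b;
    if (len) buf[0] = '\0';
    for (b = 0; b < NBUCKET && n >= 0; b++) {
        pthread_mutex_lock(&lock[b]);
        for (struct share *s = bucket[b]; s && n >= 0; s = s->next) {
            int w = snprintf(buf + off, len - off, "%s\t%s\t%s\n", s->path, s->fstype, s->opts);
            if (w < 0 || (size_t)w >= len - off) n = -1; /* would truncate */
            else { off += (size_t)w; n++; }
        }
        pthread_mutex_unlock(&lock[b]);
    }
    return n;
}
```

In a kernel implementation the authorization decision would sit at the entry to the add path rather than in file permissions; that check is left out of this sketch.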
