On Thu, Apr 22, 2010 at 03:16:08PM +0200, Harald Dunkel wrote:
> Hi Daniel,
>
> On 04/22/10 11:41, Daniel P. Berrange wrote:
> >
> > This is unfixably broken then. NFS security relies on all clients using
> > the same UID/GID <-> name mappings.
> >
> How come we don't run into a similar security problem
> for iSCSI?

In NFS, the user/group IDs for files are stored on the NFS server. Thus
all clients must have the same interpretation for these IDs.

In iSCSI the user/group IDs are assigned to the block device nodes which
are always local to each client logged into the iSCSI server. Thus there
is no requirement for the same interpretation on all clients.

Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
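
Added example, not part of the original message: a check that the clients of one NFS export interpret each numeric UID as the same account, which is the requirement stated in the reply above. The host names and passwd excerpts are constructed, and the function names are hypothetical; the same comparison applies to GIDs in /etc/group.

```python
from collections import defaultdict

# Constructed /etc/passwd excerpts from two hypothetical NFS clients.
CLIENT_A = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
"""
CLIENT_B = """\
root:x:0:0:root:/root:/bin/bash
bob:x:1000:1000:Bob:/home/bob:/bin/bash
alice:x:1002:1002:Alice:/home/alice:/bin/bash
"""


def parse_passwd(text):
    """Return {uid: name} for one client's passwd content."""
    mapping = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        # Skip blank, comment, malformed and NIS '+'/'-' compat lines.
        if len(fields) < 4 or not fields[0] or fields[0][0] in "#+-":
            continue
        if not fields[2].isdigit():
            continue
        # The first entry for a UID wins, as it does for a UID -> name lookup.
        mapping.setdefault(int(fields[2]), fields[0])
    return mapping


def uid_conflicts(clients):
    """clients is {host: passwd text}.

    Return {uid: {host: name}} for every UID that at least two hosts
    resolve to different account names. A file the server stores with
    such a UID belongs to a different user depending on the client.
    """
    seen = defaultdict(dict)
    for host, text in clients.items():
        for uid, name in parse_passwd(text).items():
            seen[uid][host] = name
    return {uid: hosts for uid, hosts in seen.items()
            if len(set(hosts.values())) > 1}


if __name__ == "__main__":
    hosts = {"client-a": CLIENT_A, "client-b": CLIENT_B}
    for uid, names in sorted(uid_conflicts(hosts).items()):
        print(f"UID {uid} is interpreted differently: {names}")
```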