[9fans] 9p server under GNU/Linux

[9fans] 9p server under GNU/Linux

[Juan M. Mendez]

Hello,

I was wondering if current npfs or spfs supports exporting different
directories, each one with different permissions (protected by
uid/pass). Is it possible?

My aim is to give users different views of the filesystem of another
machine, after they authenticate themselves.

--
http://vejeta.com/portal
Fidonet: 2:345/432.2

Re: [9fans] 9p server under GNU/Linux

[Eric Van Hensbergen]

On Thu, May 21, 2009 at 2:47 PM, Juan M. Mendez <vejeta@gmail.com> wrote:
> Hello,
>
> I was wondering if current npfs or spfs supports exporting different
> directories, each one with different permissions (protected by
> uid/pass). Is it possible?
>
> My aim is to give users different views of the filesystem of another
> machine, after they authenticate themselves.
>

So -- if I understand you correctly you want to export multiple
subtrees, each subtree potentially protected by a username/password
and not relying on normal file permissions to protect them?

There are several potential approaches to this:

a) different exports for each subtree, or a special hook at mount time
which only allows users to see what they are supposed to see
b) implement some form of ACL (or access to underlying Linux ACL
structures) within 9P or a 9P extension
c) different attach anames for different subtrees, which would allow
you to use the same port, but have to specify mount individually

There are a number of things which would need to be done to support
any of these:

a) spfs/npfs have some support for auth (the only example I know of
being the xcpu style), but you'd probably need to flesh it out more
for your purposes
b) you'd need some sort of /etc/exports like configuration file
specifying the subtrees to export and the users which can see them

Since spfs/npfs are libraries (with ufs being only one
implementation), you could easily take a crack at implementing your
solution (or some subset thereof), but I don't think they currently
have the exact functionality you desire.

   -eric

Re: [9fans] 9p server under GNU/Linux

[Latchesar Ionkov]

If you don't use the Spfile/Npfile interfaces, you can easily do it.
Spfile/Npfile support a single root directory, so you'll need to do
some tricks to implement what you need. I think that your own
npfile_attach/spfile_attach implementation would be sufficient. There
are some static functions in file.c that you'll need to make
non-static for the implementation, I don't have problems accepting a
patch for that.

Thanks,
    Lucho

On Thu, May 21, 2009 at 1:47 PM, Juan M. Mendez <vejeta@gmail.com> wrote:
> Hello,
>
> I was wondering if current npfs or spfs supports exporting different
> directories, each one with different permissions (protected by
> uid/pass). Is it possible?
>
> My aim is to give users different views of the filesystem of another
> machine, after they authenticate themselves.
>
> --
> http://vejeta.com/portal
> Fidonet: 2:345/432.2
>
>

Re: [9fans] 9p server under GNU/Linux

[Juan M. Mendez]

2009/5/22 Latchesar Ionkov <lucho@ionkov.net>:
> If you don't use the Spfile/Npfile interfaces, you can easily do it.
> Spfile/Npfile support a single root directory, so you'll need to do
> some tricks to implement what you need. I think that your own
> npfile_attach/spfile_attach implementation would be sufficient. There
> are some static functions in file.c that you'll need to make
> non-static for the implementation, I don't have problems accepting a
> patch for that.
>
> Thanks,
>    Lucho

Thanks Eric and Lucho for the answers.

I lack the skills for doing such modifications to the source, but it seems
like a nice future project for me to get in touch with 9p and C again.

Also Mechiel proposed me another option that would be to chroot different
u9fs executions for each user directory, but that could be overkill.

Regards,

Juan

-- 
http://vejeta.com/portal
Fidonet: 2:345/432.2