Re: ShadowFS (status)

[Marcus Brinkmann]

On Mon, Aug 27, 2001 at 09:35:50AM +0200, Niels M?ller wrote:
> Do I understand you correctly that opening /bin should simply result
> in a port to either /bar/bin or /foo/bin, with no fancy merging of the
> directory contents? Then ls won't show the truth for shadowfs
> directories, or am I missing something?

No, the handling of dirs and other nodes does indeed differ.  dirs are always
and entirely managed by shadowfs.  It has complete control over them and
answers all RPCs related to directory ports.

For files, shadowfs never handles them.  It doesn't do it right now (the only
thing it does is the lookup, which is wrong as we know by now).  All
RPCs related to file ports go directly to the underlying filesystem with the
file.

This is the right thing to do.  There is only one problem:
If shadowfs has not the permissions to enter directories, it can not shadow
them.  There is no secure way around it (if it could shadow them, it has
the permission, which means it needs to be trusted not to give the dirs to
users without that permission).  Should shadowfs shadow directories for which
the caller has no permission?  Should shadowfs return retry names to
unshadowed directory ports if it hasn't the permission to enter them?
Should it do this if there is only one directory anyway?  Should it do this
if there are more directories?

What happens if I request to delete a directory, and shadowfs has the permission
to do so but I have not?  What happens if I want to delete a directory, and
shadowfs has not the permission but I have?  I have a gut feeling that most
operations on directories etc should probably not be implemented at all.
(Fail with EOPNOTSUPP).

Thanks,
Marcus