mirror of
https://github.com/adulau/aha.git
synced 2024-12-30 20:56:23 +00:00
ba17674fe0
The 9P2000 protocol requires the authentication and permission checks to be done in the file server. For that reason every user that accesses the file server tree has to authenticate and attach to the server separately. Multiple users can share the same connection to the server. Currently v9fs does a single attach and executes all I/O operations as a single user. This makes using v9fs in multiuser environment unsafe as it depends on the client doing the permission checking. This patch improves the 9P2000 support by allowing every user to attach separately. The patch defines three modes of access (new mount option 'access'): - attach-per-user (access=user) (default mode for 9P2000.u) If a user tries to access a file served by v9fs for the first time, v9fs sends an attach command to the server (Tattach) specifying the user. If the attach succeeds, the user can access the v9fs tree. As there is no uname->uid (string->integer) mapping yet, this mode works only with the 9P2000.u dialect. - allow only one user to access the tree (access=<uid>) Only the user with uid can access the v9fs tree. Other users that attempt to access it will get EPERM error. - do all operations as a single user (access=any) (default for 9P2000) V9fs does a single attach and all operations are done as a single user. If this mode is selected, the v9fs behavior is identical with the current one. Signed-off-by: Latchesar Ionkov <lucho@ionkov.net> Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
142 lines
4.9 KiB
Text
142 lines
4.9 KiB
Text
v9fs: Plan 9 Resource Sharing for Linux
|
|
=======================================
|
|
|
|
ABOUT
|
|
=====
|
|
|
|
v9fs is a Unix implementation of the Plan 9 9p remote filesystem protocol.
|
|
|
|
This software was originally developed by Ron Minnich <rminnich@sandia.gov>
|
|
and Maya Gokhale. Additional development by Greg Watson
|
|
<gwatson@lanl.gov> and most recently Eric Van Hensbergen
|
|
<ericvh@gmail.com>, Latchesar Ionkov <lucho@ionkov.net> and Russ Cox
|
|
<rsc@swtch.com>.
|
|
|
|
The best detailed explanation of the Linux implementation and applications of
|
|
the 9p client is available in the form of a USENIX paper:
|
|
http://www.usenix.org/events/usenix05/tech/freenix/hensbergen.html
|
|
|
|
Other applications are described in the following papers:
|
|
* XCPU & Clustering
|
|
http://www.xcpu.org/xcpu-talk.pdf
|
|
* KVMFS: control file system for KVM
|
|
http://www.xcpu.org/kvmfs.pdf
|
|
* CellFS: A New ProgrammingModel for the Cell BE
|
|
http://www.xcpu.org/cellfs-talk.pdf
|
|
* PROSE I/O: Using 9p to enable Application Partitions
|
|
http://plan9.escet.urjc.es/iwp9/cready/PROSE_iwp9_2006.pdf
|
|
|
|
USAGE
|
|
=====
|
|
|
|
For remote file server:
|
|
|
|
mount -t 9p 10.10.1.2 /mnt/9
|
|
|
|
For Plan 9 From User Space applications (http://swtch.com/plan9)
|
|
|
|
mount -t 9p `namespace`/acme /mnt/9 -o trans=unix,uname=$USER
|
|
|
|
OPTIONS
|
|
=======
|
|
|
|
trans=name select an alternative transport. Valid options are
|
|
currently:
|
|
unix - specifying a named pipe mount point
|
|
tcp - specifying a normal TCP/IP connection
|
|
fd - used passed file descriptors for connection
|
|
(see rfdno and wfdno)
|
|
|
|
uname=name user name to attempt mount as on the remote server. The
|
|
server may override or ignore this value. Certain user
|
|
names may require authentication.
|
|
|
|
aname=name aname specifies the file tree to access when the server is
|
|
offering several exported file systems.
|
|
|
|
cache=mode specifies a cacheing policy. By default, no caches are used.
|
|
loose = no attempts are made at consistency,
|
|
intended for exclusive, read-only mounts
|
|
|
|
debug=n specifies debug level. The debug level is a bitmask.
|
|
0x01 = display verbose error messages
|
|
0x02 = developer debug (DEBUG_CURRENT)
|
|
0x04 = display 9p trace
|
|
0x08 = display VFS trace
|
|
0x10 = display Marshalling debug
|
|
0x20 = display RPC debug
|
|
0x40 = display transport debug
|
|
0x80 = display allocation debug
|
|
|
|
rfdno=n the file descriptor for reading with trans=fd
|
|
|
|
wfdno=n the file descriptor for writing with trans=fd
|
|
|
|
maxdata=n the number of bytes to use for 9p packet payload (msize)
|
|
|
|
port=n port to connect to on the remote server
|
|
|
|
noextend force legacy mode (no 9p2000.u semantics)
|
|
|
|
dfltuid attempt to mount as a particular uid
|
|
|
|
dfltgid attempt to mount with a particular gid
|
|
|
|
afid security channel - used by Plan 9 authentication protocols
|
|
|
|
nodevmap do not map special files - represent them as normal files.
|
|
This can be used to share devices/named pipes/sockets between
|
|
hosts. This functionality will be expanded in later versions.
|
|
|
|
access there are three access modes.
|
|
user = if a user tries to access a file on v9fs
|
|
filesystem for the first time, v9fs sends an
|
|
attach command (Tattach) for that user.
|
|
This is the default mode.
|
|
<uid> = allows only user with uid=<uid> to access
|
|
the files on the mounted filesystem
|
|
any = v9fs does single attach and performs all
|
|
operations as one user
|
|
|
|
RESOURCES
|
|
=========
|
|
|
|
Our current recommendation is to use Inferno (http://www.vitanuova.com/inferno)
|
|
as the 9p server. You can start a 9p server under Inferno by issuing the
|
|
following command:
|
|
; styxlisten -A tcp!*!564 export '#U*'
|
|
|
|
The -A specifies an unauthenticated export. The 564 is the port # (you may
|
|
have to choose a higher port number if running as a normal user). The '#U*'
|
|
specifies exporting the root of the Linux name space. You may specify a
|
|
subset of the namespace by extending the path: '#U*'/tmp would just export
|
|
/tmp. For more information, see the Inferno manual pages covering styxlisten
|
|
and export.
|
|
|
|
A Linux version of the 9p server is now maintained under the npfs project
|
|
on sourceforge (http://sourceforge.net/projects/npfs). The currently
|
|
maintained version is the single-threaded version of the server (named spfs)
|
|
available from the same CVS repository.
|
|
|
|
There are user and developer mailing lists available through the v9fs project
|
|
on sourceforge (http://sourceforge.net/projects/v9fs).
|
|
|
|
News and other information is maintained on SWiK (http://swik.net/v9fs).
|
|
|
|
Bug reports may be issued through the kernel.org bugzilla
|
|
(http://bugzilla.kernel.org)
|
|
|
|
For more information on the Plan 9 Operating System check out
|
|
http://plan9.bell-labs.com/plan9
|
|
|
|
For information on Plan 9 from User Space (Plan 9 applications and libraries
|
|
ported to Linux/BSD/OSX/etc) check out http://swtch.com/plan9
|
|
|
|
|
|
STATUS
|
|
======
|
|
|
|
The 2.6 kernel support is working on PPC and x86.
|
|
|
|
PLEASE USE THE KERNEL BUGZILLA TO REPORT PROBLEMS. (http://bugzilla.kernel.org)
|
|
|