TY - GEN
T1 - Enhancing NFS cross-administrative domain access
AU - Spadavecchia, Joseph
AU - Zadok, Erez
N1 - Publisher Copyright: © 2002 by The USENIX Association. All Rights Reserved.
PY - 2002
Y1 - 2002
N2 - The access model of exporting NFS volumes to clients suffers from two problems. First, the server depends on the client to specify the user credentials to use and has no flexible mechanism to map or restrict the credentials given by the client. Second, when the server exports a volume, there is no mechanism to ensure that users accessing the server are only able to access their own files. We address these problems by a combination of two solutions. First, range-mapping allows the NFS server to restrict and flexibly map the credentials set by the client. Second, file-cloaking allows the server to control the data a client is able to view or access, beyond normal Unix semantics. Our design is compatible with all versions of NFS. We have implemented this work in Linux and made changes only to the NFS server code; client-side NFS and the NFS protocol remain unchanged. Our evaluation shows a minimal average performance overhead and, in some cases, an end-to-end performance improvement.
UR - https://www.scopus.com/pages/publications/85084159887
M3 - Conference contribution
AN - SCOPUS:85084159887
T3 - Proceedings of the 2002 USENIX Annual Technical Conference
BT - Proceedings of the 2002 USENIX Annual Technical Conference
PB - USENIX Association
T2 - 2002 USENIX Annual Technical Conference: General Track, USENIX ATC 2002
Y2 - 10 June 2002 through 15 June 2002
ER -