| Message ID | 1383064066-1139-1-git-send-email-dros@netapp.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Oct 29, 2013, at 12:27 PM, Weston Andros Adamson <dros@netapp.com> wrote: > The client now supports multiple sec= options as a colon delimited list. > > Signed-off-by: Weston Andros Adamson <dros@netapp.com> > --- > utils/mount/nfs.man | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man > index 2a42b93..17b8d88 100644 > --- a/utils/mount/nfs.man > +++ b/utils/mount/nfs.man > @@ -380,9 +380,10 @@ If a value of zero is specified, the > .BR mount (8) > command exits immediately after the first failure. > .TP 1.5i > -.BI sec= flavor > -The security flavor to use for accessing files on this mount point. > -If the server does not support this flavor, the mount operation fails. > +.BI sec= flavors > +A colon-delimited list of security flavors to use for accessing files on > +this mount point. If the server does not support any of these flavors, > +the mount operation fails. Just a nit: The new text kind of suggests that the colons are required. "sec=single flavor" is also still supported. Typically man page language is careful to show both. > If > .B sec= > is not specified, the client attempts to find > -- > 1.8.3.1 (Apple Git-46) > > -- > To unsubscribe from this list: send the line "unsubscribe linux-nfs" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html
> -----Original Message----- > From: linux-nfs-owner@vger.kernel.org [mailto:linux-nfs- > owner@vger.kernel.org] On Behalf Of Chuck Lever > Sent: Tuesday, October 29, 2013 12:30 PM > To: Weston Andros Adamson > Cc: steved@redhat.com; linux-nfs@vger.kernel.org > Subject: Re: [PATCH] nfs.man: add description of multiple sec= options > > > On Oct 29, 2013, at 12:27 PM, Weston Andros Adamson <dros@netapp.com> > wrote: > > > The client now supports multiple sec= options as a colon delimited list. > > > > Signed-off-by: Weston Andros Adamson <dros@netapp.com> > > --- > > utils/mount/nfs.man | 7 ++++--- > > 1 file changed, 4 insertions(+), 3 deletions(-) > > > > diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man index > > 2a42b93..17b8d88 100644 > > --- a/utils/mount/nfs.man > > +++ b/utils/mount/nfs.man > > @@ -380,9 +380,10 @@ If a value of zero is specified, the .BR mount > > (8) command exits immediately after the first failure. > > .TP 1.5i > > -.BI sec= flavor > > -The security flavor to use for accessing files on this mount point. > > -If the server does not support this flavor, the mount operation fails. > > +.BI sec= flavors > > +A colon-delimited list of security flavors to use for accessing files > > +on this mount point. If the server does not support any of these > > +flavors, the mount operation fails. > > Just a nit: The new text kind of suggests that the colons are required. > "sec=single flavor" is also still supported. Typically man page language is > careful to show both. How about "colon-separated list of one or more security flavours"? That's less ambiguous than "colon-delimited"... Cheers Trond -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Oct 29, 2013, at 12:36 PM, "Myklebust, Trond" <Trond.Myklebust@netapp.com> wrote: >> -----Original Message----- >> From: linux-nfs-owner@vger.kernel.org [mailto:linux-nfs- >> owner@vger.kernel.org] On Behalf Of Chuck Lever >> Sent: Tuesday, October 29, 2013 12:30 PM >> To: Weston Andros Adamson >> Cc: steved@redhat.com; linux-nfs@vger.kernel.org >> Subject: Re: [PATCH] nfs.man: add description of multiple sec= options >> >> >> On Oct 29, 2013, at 12:27 PM, Weston Andros Adamson <dros@netapp.com> >> wrote: >> >>> The client now supports multiple sec= options as a colon delimited list. >>> >>> Signed-off-by: Weston Andros Adamson <dros@netapp.com> >>> --- >>> utils/mount/nfs.man | 7 ++++--- >>> 1 file changed, 4 insertions(+), 3 deletions(-) >>> >>> diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man index >>> 2a42b93..17b8d88 100644 >>> --- a/utils/mount/nfs.man >>> +++ b/utils/mount/nfs.man >>> @@ -380,9 +380,10 @@ If a value of zero is specified, the .BR mount >>> (8) command exits immediately after the first failure. >>> .TP 1.5i >>> -.BI sec= flavor >>> -The security flavor to use for accessing files on this mount point. >>> -If the server does not support this flavor, the mount operation fails. >>> +.BI sec= flavors >>> +A colon-delimited list of security flavors to use for accessing files >>> +on this mount point. If the server does not support any of these >>> +flavors, the mount operation fails. >> >> Just a nit: The new text kind of suggests that the colons are required. >> "sec=single flavor" is also still supported. Typically man page language is >> careful to show both. > > How about "colon-separated list of one or more security flavours"? That's less ambiguous than "colon-delimited"... Maybe Dros could also update the EXAMPLES section with one of each. Just a thought.
On Oct 29, 2013, at 12:30 PM, Chuck Lever <chuck.lever@oracle.com> wrote: > > On Oct 29, 2013, at 12:27 PM, Weston Andros Adamson <dros@netapp.com> wrote: > >> The client now supports multiple sec= options as a colon delimited list. >> >> Signed-off-by: Weston Andros Adamson <dros@netapp.com> >> --- >> utils/mount/nfs.man | 7 ++++--- >> 1 file changed, 4 insertions(+), 3 deletions(-) >> >> diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man >> index 2a42b93..17b8d88 100644 >> --- a/utils/mount/nfs.man >> +++ b/utils/mount/nfs.man >> @@ -380,9 +380,10 @@ If a value of zero is specified, the >> .BR mount (8) >> command exits immediately after the first failure. >> .TP 1.5i >> -.BI sec= flavor >> -The security flavor to use for accessing files on this mount point. >> -If the server does not support this flavor, the mount operation fails. >> +.BI sec= flavors >> +A colon-delimited list of security flavors to use for accessing files on >> +this mount point. If the server does not support any of these flavors, >> +the mount operation fails. > > Just a nit: The new text kind of suggests that the colons are required. "sec=single flavor" is also still supported. Typically man page language is careful to show both. Good point. Should there be separate sections or should we do something like: sec=flavor(s) The security flavor or flavors to use for accessing files on this mount point. Multiple security flavors may be specified as a colon-delimited list. If the server does not support any of these flavors the mount operation fails. ... -dros > > >> If >> .B sec= >> is not specified, the client attempts to find >> -- >> 1.8.3.1 (Apple Git-46) >> >> -- >> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in >> the body of a message to majordomo@vger.kernel.org >> More majordomo info at http://vger.kernel.org/majordomo-info.html > > -- > Chuck Lever > chuck[dot]lever[at]oracle[dot]com -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Oct 29, 2013, at 12:36 PM, Myklebust, Trond <Trond.Myklebust@netapp.com> wrote: >> -----Original Message----- >> From: linux-nfs-owner@vger.kernel.org [mailto:linux-nfs- >> owner@vger.kernel.org] On Behalf Of Chuck Lever >> Sent: Tuesday, October 29, 2013 12:30 PM >> To: Weston Andros Adamson >> Cc: steved@redhat.com; linux-nfs@vger.kernel.org >> Subject: Re: [PATCH] nfs.man: add description of multiple sec= options >> >> >> On Oct 29, 2013, at 12:27 PM, Weston Andros Adamson <dros@netapp.com> >> wrote: >> >>> The client now supports multiple sec= options as a colon delimited list. >>> >>> Signed-off-by: Weston Andros Adamson <dros@netapp.com> >>> --- >>> utils/mount/nfs.man | 7 ++++--- >>> 1 file changed, 4 insertions(+), 3 deletions(-) >>> >>> diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man index >>> 2a42b93..17b8d88 100644 >>> --- a/utils/mount/nfs.man >>> +++ b/utils/mount/nfs.man >>> @@ -380,9 +380,10 @@ If a value of zero is specified, the .BR mount >>> (8) command exits immediately after the first failure. >>> .TP 1.5i >>> -.BI sec= flavor >>> -The security flavor to use for accessing files on this mount point. >>> -If the server does not support this flavor, the mount operation fails. >>> +.BI sec= flavors >>> +A colon-delimited list of security flavors to use for accessing files >>> +on this mount point. If the server does not support any of these >>> +flavors, the mount operation fails. >> >> Just a nit: The new text kind of suggests that the colons are required. >> "sec=single flavor" is also still supported. Typically man page language is >> careful to show both. > > How about "colon-separated list of one or more security flavours"? That's less ambiguous than "colon-delimited"… OK, but fwiw I aped that from the exports manpage: sec= The sec= option, followed by a colon-delimited list of security flavors, restricts the export to clients using those flavors. Available security flavors include sys (the default--no crypto? … So it: 1) isn’t clear that one flavor is an option. 2) says “colon-delimited" Should we clean this up too? -dros
On Oct 29, 2013, at 12:40 PM, Weston Andros Adamson <dros@netapp.com> wrote: > > On Oct 29, 2013, at 12:30 PM, Chuck Lever <chuck.lever@oracle.com> wrote: > >> >> On Oct 29, 2013, at 12:27 PM, Weston Andros Adamson <dros@netapp.com> wrote: >> >>> The client now supports multiple sec= options as a colon delimited list. >>> >>> Signed-off-by: Weston Andros Adamson <dros@netapp.com> >>> --- >>> utils/mount/nfs.man | 7 ++++--- >>> 1 file changed, 4 insertions(+), 3 deletions(-) >>> >>> diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man >>> index 2a42b93..17b8d88 100644 >>> --- a/utils/mount/nfs.man >>> +++ b/utils/mount/nfs.man >>> @@ -380,9 +380,10 @@ If a value of zero is specified, the >>> .BR mount (8) >>> command exits immediately after the first failure. >>> .TP 1.5i >>> -.BI sec= flavor >>> -The security flavor to use for accessing files on this mount point. >>> -If the server does not support this flavor, the mount operation fails. >>> +.BI sec= flavors >>> +A colon-delimited list of security flavors to use for accessing files on >>> +this mount point. If the server does not support any of these flavors, >>> +the mount operation fails. >> >> Just a nit: The new text kind of suggests that the colons are required. "sec=single flavor" is also still supported. Typically man page language is careful to show both. > > Good point. > > Should there be separate sections or should we do something like: > > sec=flavor(s) > > The security flavor or flavors to use for accessing files on this > mount point. Multiple security flavors may be specified as a > colon-delimited list. If the server does not support any of these flavors > the mount operation fails. The current text is: sec=flavor The security flavor to use for accessing files on this mount point. If the server does not support this flavor, the mount operation fails. If sec= is not specified, the client attempts to find a security flavor that both the client and the server supports. Valid flavors are none, sys, krb5, krb5i, and krb5p. Refer to the SECURITY CONSIDERATIONS section for details. You might consider: > sec=flavorlist > > The security flavor or flavors to use when accessing files on this mount point. Multiple flavors are specified as a colon-delimited list. If sec= is not specified, the mount's security flavor list contains all security flavors the client supports. > > The client chooses the strongest flavor on this list that is supported by the export's security policy. If the server does not support any of these flavors, the mount operation fails. > > Valid flavors are .... I think my description of the negotiation strategy could be made more accurate, and you should mention how (whether?) flavor list ordering works. Do you feel this is too much for a single section? Some detail can be moved to SECURITY CONSIDERATIONS.
diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man index 2a42b93..17b8d88 100644 --- a/utils/mount/nfs.man +++ b/utils/mount/nfs.man @@ -380,9 +380,10 @@ If a value of zero is specified, the .BR mount (8) command exits immediately after the first failure. .TP 1.5i -.BI sec= flavor -The security flavor to use for accessing files on this mount point. -If the server does not support this flavor, the mount operation fails. +.BI sec= flavors +A colon-delimited list of security flavors to use for accessing files on +this mount point. If the server does not support any of these flavors, +the mount operation fails. If .B sec= is not specified, the client attempts to find
The client now supports multiple sec= options as a colon delimited list. Signed-off-by: Weston Andros Adamson <dros@netapp.com> --- utils/mount/nfs.man | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)