[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: intro

From: xystrus
Subject: Re: intro
Date: Wed, 13 Mar 2002 12:37:42 -0500
User-agent: Mutt/1.3.27i

On Wed, Mar 13, 2002 at 08:56:58AM -0500, Alain Magloire wrote:
> But it turns out that the performance gain is relatively small
> for big files(lots of page fault) and most of the time the spool
> is on remote machine access across NFS.

Oops, I meant to comment more on this last bit.  I must tell you, I
absolutely *HATE* hearing about spools being accessable via NFS.
Especially on Linux, and most especially where people have root
access to their machines.  It can cause serious locking problems,
and it's a security nightmare.

If your users have root access to their machines, and you NFS 
export the mail spool, you're giving them the ability to read the
mail of anyone and everyone.  This is BAD.  It's maybe not quite
so bad in a really tiny environment where everyone knows eachother
but I know no one who doesn't get mail sent to them at work or
at school or wherever mail is sent, that isn't sometimes of a 
very personal nature.  I don't want people having the ability
to read my mail, and I suspect your users don't either.

The other problem with NFS spools is major locking issues.  This is
especially true on Linux.  There are only two methods of locking a
file on Linux that work over NFS.  The first is the creation of an
ancillary lock file using the link(2) system call.  The second is
the POSIX fcntl locking functions.  However, on Linux systems
circa prior to the release of RH 7.0, fcntl locking over NFS is
COMPLETELY BROKEN.  This is because of a bug in nfs-utils prior to
v. 0.3.1 where statd would say it took a lock, but the lock was
not actually retained.

I've seen NFS-mounted spools result in lost mail before...  it's
just a bad idea, IMO.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]