>Another concern would be: what UID owns files created by such processes?

I don't think it could be anything other than the current euid;
otherwise it is too easy to create files under a different uid.

>For non-basic privs we can always do things with the client's root
>credential and, when creating files, use the create_as option in NFSv4.
>Then the client could emulate FILE_DAC_*.
>
>For basic privs it's harder; if the client had a "nobody" credential
>then it could use that.

No, because it's not fine-grained enough.

Casper
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
