Re: FS: hardlinks on directories

From: Jesse Pollard (jesse_at_cats-chateau.net)
Date: 08/04/03

    To: Stephan von Krawczynski <skraw@ithnet.com>, herbert@13thfloor.at
    Date:	Mon, 4 Aug 2003 16:38:17 -0500
    
    

    On Monday 04 August 2003 11:35, Stephan von Krawczynski wrote:
    > On Mon, 4 Aug 2003 18:16:57 +0200
    >
    > Herbert Pötzl <herbert@13thfloor.at> wrote:
    > > on the other hand, if you want somebody to implement
    > > this stuff for you, you'll have to provide convincing
    > > arguments for it, I for example, would be glad if
    > > hardlinks were removed from unix altogether ...
    >
    > Huh, hard stuff!
    >
    > Explain your solution for a very common problem:
    >
    > You have a _big_ fileserver, say some SAN or the like with Gigs.
    > Your data on it is organized according to your basic user structure,
    > because it is very handy to have all data from one user altogether in one
    > directory. You have lots of hosts that use parts of the users' data for a
    > wide range of purposes, let's say web, ftp, sql, name one.
    > If you cannot re-structure and export your data according to the
    > requirements of your external hosts (web-trees to webserver, sql-trees to
    > sql-server, ftp-trees to ftp-server, name-it to cool-server) you will have
    > to export the total user tree to all your (cluster-) nodes. Do you want
    > that? NO! Of course you don't want that in times of hacked webservers and
    > uncontrollable sql-servers. If anything blows up you likely lose all data
    > at once. On the other hand, if you managed to link all web-data together in
    > one directory and exported that to your webservers and they are hacked, you
    > just blew up all your web-data but nothing more. This is a remarkable risk
    > reduction.
    > And now? Name your idea to export only the data needed to the servers that
    > need it. And keep in mind, we are talking of Gigs and tens of thousands of
    > users. You definitely don't want one mount per user per service.
    > Can you think of a more elegant way to solve such a problem than
    > hardlinking all web in one single webtree, all sql in one single sql tree
    > ... and then export this single tree (with its artificial structure) to the
    > corresponding server?
    > I am curiously listening...

    Don't do that. It is too insecure.

    1. the structure you describe is FRAGILE. Just adding one more entry
    could/would break the entire structure.

    2. If you mix security structures like this you WILL get a problem.

    What you do is copy the declassified data to a nonsecure area (also known
    as released data). This way the user can modify internal data without
    causing the web server potentially catastrophic releases.

    Same with the SQL. Do not attempt to mix sensitive and nonsensitive data
    this way.

    If your web server got hacked, how do you prevent the hack from ADDING
    more links? Or adding SQL injections to other applications...

    If you've got this much disk space, then you can afford to provide isolated
    data too.
    -
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/
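
Added example, not part of the original message: a Python sketch of the copy-to-a-released-area approach the reply recommends, plus an audit that flags symlinks and hard-linked files found in the export tree. The `<user>/<service>/` layout and the function names `publish_release` and `audit_export` are assumptions made for illustration.

```python
import os
import shutil
import stat
import tempfile

def publish_release(user_root, export_root, service):
    """Copy every user's <service> directory to export_root/<user>/.
    Copies get new inodes, so neither side can change the other."""
    published = []
    for user in sorted(os.listdir(user_root)):
        src = os.path.join(user_root, user, service)
        if os.path.islink(src) or not os.path.isdir(src):
            continue
        for dirpath, _dirs, files in os.walk(src):  # does not follow symlinks
            rel = os.path.relpath(dirpath, src)
            dst_dir = os.path.normpath(os.path.join(export_root, user, rel))
            os.makedirs(dst_dir, exist_ok=True)
            for name in files:
                s = os.path.join(dirpath, name)
                if not stat.S_ISREG(os.lstat(s).st_mode):
                    continue  # skip symlinks, devices, FIFOs
                # Copy to a temp file and rename, so an existing link is replaced.
                fd, tmp = tempfile.mkstemp(dir=dst_dir)
                os.close(fd)
                shutil.copy(s, tmp)
                os.replace(tmp, os.path.join(dst_dir, name))
                published.append(os.path.normpath(os.path.join(user, rel, name)))
    return published

def audit_export(export_root):
    """List entries that are not isolated copies: symlinks, or regular
    files whose inode has more than one name (hard links)."""
    findings = []
    for dirpath, dirs, files in os.walk(export_root):
        for name in dirs + files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                findings.append((os.path.relpath(path, export_root), "symlink"))
            elif stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
                findings.append((os.path.relpath(path, export_root), "hardlink"))
    return findings

if __name__ == "__main__":
    root = tempfile.mkdtemp()  # constructed sample tree
    os.makedirs(os.path.join(root, "users", "alice", "web"))
    open(os.path.join(root, "users", "alice", "web", "index.html"), "w").close()
    print(publish_release(root + "/users", root + "/export", "web"))
    print(audit_export(root + "/export"))
```

The audit only reports on the export tree it is given; running it on the file server side after each publish shows whether anything other than plain copies has appeared there.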

