It wasn't so much eaten by spam filters as "contained the word POSIX so everyone's eyes glazed over and we went into comas" :)<br><br><div>On Fri Dec 06 2013 at 1:14:48 PM, Dave Allan <<a href="mailto:dave@dpallan.com">dave@dpallan.com</a>> wrote:</div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Fri, Dec 06, 2013 at 09:36:01AM -0500, John Stoffel wrote:<br>
> >>>>> "John" == John P Rouillard <<a href="mailto:rouilj@cs.umb.edu" target="_blank">rouilj@cs.umb.edu</a>> writes:<br>
><br>
> John> In message<br>
> John> <CAJFsZ=<a href="mailto:oBBwr7n_1BcJBO2e-DHJrQWp8mxGEU4tADmBkWz1Bdfw@mail.gmail.com" target="_blank">oBBwr7n_1BcJBO2e-<u></u>DHJrQWp8mxGEU4tADmBkWz1Bdfw@<u></u>mail.gmail.com</a>> ,<br>
> John> Bill Bogstad writes:<br>
> >> On Thu, Dec 5, 2013 at 10:03 AM, Edward Ned Harvey (bblisa4)<br>
> >> <<a href="mailto:bblisa4@nedharvey.com" target="_blank">bblisa4@nedharvey.com</a>> wrote:<br>
> >>>> From: <a href="mailto:bblisa-bounces@bblisa.org" target="_blank">bblisa-bounces@bblisa.org</a> [mailto:<a href="mailto:bblisa-bounces@bblisa.org" target="_blank">bblisa-bounces@bblisa.<u></u>org</a>] On<br>
> >>>> Behalf Of Alex Aminoff<br>
> >>>><br>
> >>>> Nevertheless, I tested it and unless I messed up my test, an NFS mount<br>
> >>>> with -o ro, you read a file on the mounted FS, and the access time is<br>
> >>>> updated.<br>
> >>><br>
> >>> Oh - that could explain it right there -<br>
> >>><br>
> >>> I think the client isn't the one doing the update. I think your<br>
> >>> server is updating the last access time on the file, because the<br>
> >>> server served the file to the client. The server doesn't<br>
> >>> necessarily know you mounted read-only<br>
> >><br>
> >> That makes a lot of sense. Alex doesn't say what version of the NFS<br>
> >> protocol he is using, but a quick check of the RFC for the MOUNT<br>
> >> protocol for NFSv3 (see page 105 for mount protocol<br>
> >> <a href="http://www.ietf.org/rfc/rfc1813.txt" target="_blank">http://www.ietf.org/rfc/<u></u>rfc1813.txt</a>) doesn't seem to give a way for a<br>
> >> client to indicate that it wants to mount a filesystem as readonly.<br>
> >> Maybe someone who is more familiar with the NFS protocol can confirm<br>
> >> this.<br>
><br>
> John> That is my understanding as well.<br>
><br>
> John> Also mounting a filesystem ro IIRC used to change some metadata<br>
> John> in the filesystem. Maybe last mount time, number of times<br>
> John> mounted ... depending on the FS type.<br>
><br>
> John> I know from forensics work there can be a bunch of things that<br>
> John> will change the filesystem/disk state. Hence most forensics<br>
> John> people:<br>
><br>
> John> 1) use a hardware rig that will NOT issue write commands to the<br>
> John> source disk to copy the source disk to a disk they will use<br>
> John> for investigation.<br>
> John> 2) use tools that are designed to not mess up the filesystem in the<br>
> John> investigation disk.<br>
><br>
> John> I.E. they don't consider ro mode sufficient to not change the state of<br>
> John> the disk.<br>
><br>
> I think you're missing the crucial issue here, it's an NFS mounted<br>
> filesystem. Unless the server exports ReadOnly, just because the<br>
> client mounts it read-only doesn't mean the server can't update the<br>
> atime if it likes.<br>
<br>
Not sure if my earlier message got eaten by spam filters. This<br>
behavior is specified by POSIX and has been the source of extended<br>
debate in the Linux kernel community many of whose members find it as<br>
inexplicable as we do. See, e.g.:<br>
<br>
<a href="http://lwn.net/Articles/244829/" target="_blank">http://lwn.net/Articles/<u></u>244829/</a><br>
<a href="http://thread.gmane.org/gmane.linux.kernel/565148" target="_blank">http://thread.gmane.org/gmane.<u></u>linux.kernel/565148</a><br>
<a href="http://en.wikipedia.org/wiki/Stat_%28system_call%29#Criticism_of_atime" target="_blank">http://en.wikipedia.org/wiki/<u></u>Stat_%28system_call%29#<u></u>Criticism_of_atime</a><br>
<br>
I may also be missing the point you're trying to make. :)<br>
<br>
Dave<br>
<br>
> The true test would be to export RO from an NFS server, either the<br>
> host NetApp in this case, or just any other NFS server and see what<br>
> happens. I suspect the atime updates depend more on the server side<br>
> than on the client side.<br>
><br>
> Now someone did make a change to mount with the noatime option, and<br>
> that seemed to fix the issue, correct? And it was still mounted RO,<br>
> correct?<br>
><br>
> Now how about if you export it purely RO from the server? Does the<br>
> noatime make a difference? Heh, I've got a Netapp and other systems<br>
> at work I can play with, maybe I'll do a quick test volume and let<br>
> people know... :-)<br>
><br>
> ______________________________<u></u>_________________<br>
> bblisa mailing list<br>
> <a href="mailto:bblisa@bblisa.org" target="_blank">bblisa@bblisa.org</a><br>
> <a href="http://www.bblisa.org/mailman/listinfo/bblisa" target="_blank">http://www.bblisa.org/mailman/<u></u>listinfo/bblisa</a><br>
<br>
______________________________<u></u>_________________<br>
bblisa mailing list<br>
<a href="mailto:bblisa@bblisa.org" target="_blank">bblisa@bblisa.org</a><br>
<a href="http://www.bblisa.org/mailman/listinfo/bblisa" target="_blank">http://www.bblisa.org/mailman/<u></u>listinfo/bblisa</a><br>
</blockquote>