> if one dedicates a machine (or vm) > to the file server, than one can be sure that punting the cpu server will > leave one's files available and bugs in the cpu server won't leak over.
There's also a security advantage to reducing the amount of extra stuff running on the same machine as the file service. One of the things that really impressed me on my first encounter with Plan 9 was the clean separation of file service from everything else, in the original stand-alone fs. Little danger of a buffer overflow being exploited to exec a shell, when the fs kernel doesn't have an exec.
