> IIRC, mount permissions (i.e., what IP addresses, root UID mangling, etc)
> are set per filesystem. Given a filesystem structure like this:
>
> > df
> Filesystem 1K-blocks Used Avail Capacity Mounted on
> /dev/da0s1a 127023 27151 89711 23% /
> /dev/ccd0c 8321099 2391764 5263648 31% /home
> /dev/da0s1e 2032623 732806 1137208 39% /usr
> /dev/da1s1f 2032623 816051 1053963 44% /var
> /dev/ccd1c 4001742 1571210 2110393 43% /var/mail
> procfs 4 4 0 100% /proc
>
> You can only set IP addresses to be exported to and other options only
> once for the /usr filesystem, once for the /var filesystem, etc.
>
> This doesn't mean if I export /home/doogie to 192.168.40.1 that that IP
> address can mount /home. Mount still controls the mountpoints allowed.
>
> If you want to export multiple mountpoints of the same filesystem, you
> need to specify them all on one line with one options set. Like this:
>
> /home/doogie /home/joebob /home/luser -maproot=0:0 testbox.accessus.net
>
> Jason Young
> accessUS Chief Network Engineer
>
> PS: I just realized the manpage disagrees with this; it has multiple
> exports lines for the same filesystem. I believe the manpage is wrong, at
> least in that it doesn't reflect reality. Comments from anybody?
If you have /home as a filesystem and you export /home/userj to the machine
'foo', then 'foo' in reality has access to all of home; it is the reality of
how NFS "works". In reflecting this, it kinda makes sense to place the access
controls on the filesystem itself, since that is the only thing that is
realistically determinable to the nfs "daemon" <-- term used lightly.

I believe that it is OK to have the following:

/usr -ro badhost
/usr goodhost

(as long as the permissions are not contradictory it is ok)... In fact we
use that a lot here. We run into problems here because we use netgroups
and will have a single machine in multiple netgroups... ala:

/share -ro freebsd3
/share trusted

where trusted and freebsd3 share a couple of members, and the mountd chokes
trying to resolve the conflict.
--
David Cross | email: [EMAIL PROTECTED]
Systems Administrator/Research Programmer | Web: http://www.cs.rpi.edu/~crossd
Rensselaer Polytechnic Institute, | Ph: 518.276.2860
Department of Computer Science | Fax: 518.276.4033
I speak only for myself. | WinNT:Linux::Linux:FreeBSD
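
The overlap described in the message above can be caught before mountd sees the file. The following is an added example, not part of the original thread and not mountd's own logic: it groups export lines by containing filesystem and reports any host that ends up with more than one option set. The netgroup membership, the host names, and /share being its own filesystem are assumptions made for illustration.

```python
# Added example: lint an exports file for hosts that receive conflicting
# options on one filesystem. All data is constructed; mountd's real parser
# handles more syntax (e.g. -network/-mask arguments) than this sketch.
MOUNTPOINTS = ["/", "/home", "/usr", "/var", "/var/mail", "/share"]  # /share assumed
NETGROUPS = {  # hypothetical netgroup membership
    "trusted": {"alpha", "beta", "gamma"},
    "freebsd3": {"beta", "gamma", "delta"},
}
EXPORTS = """\
/usr -ro badhost
/usr goodhost
/share -ro freebsd3
/share trusted
/home/doogie /home/joebob -maproot=0:0 testbox
"""

def filesystem_of(path, mountpoints=MOUNTPOINTS):
    """Return the longest mountpoint that contains path."""
    best = "/"
    for mp in mountpoints:
        inside = path == mp or path.startswith(mp.rstrip("/") + "/")
        if inside and len(mp) > len(best):
            best = mp
    return best

def find_conflicts(exports_text, netgroups=NETGROUPS):
    """Map (filesystem, host) -> option sets, keeping only hosts with >1 set."""
    seen = {}
    for line in exports_text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if not tokens:
            continue
        paths = [t for t in tokens if t.startswith("/")]
        opts = tuple(sorted(t for t in tokens if t.startswith("-")))
        names = [t for t in tokens if not t.startswith(("/", "-"))]
        for fs in {filesystem_of(p) for p in paths}:
            for name in names:
                # A name is either a netgroup (expanded) or a single host.
                for host in netgroups.get(name, {name}):
                    seen.setdefault((fs, host), set()).add(opts)
    return {key: val for key, val in seen.items() if len(val) > 1}

if __name__ == "__main__":
    for (fs, host), opts in sorted(find_conflicts(EXPORTS).items()):
        print(f"{host} on {fs}: conflicting option sets {sorted(opts)}")
```
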