From: Andrey Simonenko
To: Rick Macklem
Cc: freebsd-current@freebsd.org, Vincent Hoffman
Date: Mon, 9 Jul 2012 12:50:12 +0300
Subject: Re: Occassional "permission denied" in the middle of a large transfer over NFS

On Sun, Jul 08, 2012 at 07:48:11PM -0400, Rick Macklem wrote:
> > Replying to myself just as a record, I have tried nfse and I didn't get
> > the permission denied at all.
> > The only issue I had with it is that it strictly adheres to the syntax
> > in exports(5) while mountd is a little more flexible.
> >
> > I had
> > /usr/local/export -alldirs -maproot=root 85.xx.xx.xx
> >
> > /usr is the root of that filesystem
> >
> > mountd - allowed this but actually silently exports /usr (and all dirs
> > below)
> >
> Not exactly correct. mountd exports the entire file system in the kernel
> for the NFS server, since exports can only be attached to the mount points
> in the kernel. However, when the client's mount protocol requests a mount
> file handle for anything other than /usr/local/export, it will refuse that.
> (Which means that to mount anything other than /usr/local/export, the client
> must maliciously "guess" the file handle for mounting.)
>
> Put another way, a "non-malicious" NFSv3 client will only be able to mount
> /usr/local/export. Robert Watson calls this an "administrative control" and
> feels that it is necessary.

According to the exports(5) manual page and this example (/usr is the
mount point and the -alldirs option is given), this example means the
following: "export /usr/local/export only if it is or will be a mount
point and administratively export all subdirectories under it for NFSv2/3
clients".

A good description of the -alldirs option is given in the EXAMPLES section
from exports(5) in the paragraph about "/cdrom -alldirs".
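
An added example, not part of the original message and not code from mountd or nfse: a small Python audit that applies the point quoted above (the kernel export attaches to the mount point, so an exported subdirectory is limited only by the mount protocol's administrative check) by flagging exports(5) lines whose path is not a file system root. The names audit_exports and mount_point_of, the sample exports text and the mount table are constructed for illustration, and the parsing is simplified (no line continuations).

```python
import os

def mount_point_of(path, ismount=os.path.ismount):
    """Walk up from path to the nearest mount point (file system root)."""
    path = os.path.normpath(path)
    while path != "/" and not ismount(path):
        path = os.path.dirname(path)
    return path

def audit_exports(text, ismount=os.path.ismount):
    """Return one finding per exported path that is not itself a mount point."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("V4:"):
            continue  # blank line, comment, or NFSv4 root line
        tokens = line.split()
        # exports(5): directory paths come first, then options and hosts.
        paths = []
        for tok in tokens:
            if not tok.startswith("/"):
                break
            paths.append(tok)
        alldirs = "-alldirs" in tokens
        for path in paths:
            fs_root = mount_point_of(path, ismount)
            if fs_root != os.path.normpath(path):
                # The kernel export covers fs_root, not just `path`.
                findings.append({"line": lineno, "path": path,
                                 "fs_root": fs_root, "alldirs": alldirs})
    return findings

# Constructed sample data (not from the thread): a mount table and exports file.
SAMPLE_MOUNTS = {"/", "/usr", "/cdrom", "/home"}
SAMPLE_EXPORTS = """\
/usr/local/export -alldirs -maproot=root 192.0.2.10
/cdrom -alldirs
# scratch space, not exported
/home -network 198.51.100.0 -mask 255.255.255.0
"""

if __name__ == "__main__":
    for f in audit_exports(SAMPLE_EXPORTS, lambda p: p in SAMPLE_MOUNTS):
        print("line %(line)d: %(path)s is below mount point %(fs_root)s "
              "(alldirs=%(alldirs)s)" % f)
```

On a real server, call audit_exports(open("/etc/exports").read()) with the default ismount so the live mount table is used.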