From owner-freebsd-current Mon Aug 2 0:59:56 1999
Delivered-To: freebsd-current@freebsd.org
Received: from cygnus.rush.net (cygnus.rush.net [209.45.245.133])
    by hub.freebsd.org (Postfix) with ESMTP id 12DF914F04
    for ; Mon, 2 Aug 1999 00:59:46 -0700 (PDT)
    (envelope-from bright@rush.net)
Received: from localhost (bright@localhost)
    by cygnus.rush.net (8.9.3/8.9.3) with SMTP id DAA22179;
    Mon, 2 Aug 1999 03:58:20 -0400 (EDT)
Date: Mon, 2 Aug 1999 03:58:18 -0400 (EDT)
From: Alfred Perlstein
To: Kevin Day
Cc: Matthew Dillon , Martin Blapp , freebsd-current@FreeBSD.ORG
Subject: Re: mountpoint locking with fbsd-nfs
In-Reply-To: <199908020423.XAA95716@celery.dragondata.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, 1 Aug 1999, Kevin Day wrote:

> >
> > :Yeah, I know about -alldirs... The problem was that we had customers who
> > :wanted us to export their home directories, and unless I gave them their own
> > :filesystem, I couldn't restrict it in the manner I wanted. :)
> > :
> > :Just checking to see that I wasn't missing a way to do this. :)
> > :
> > :Kevin
> >
> > I've never in my life tried this - it probably won't work, but ...
> > use the null device maybe to create a mount point for each home
> > dir and then export that?
> >
>
> I think it sees through this.
>
> su-2.03# cat /etc/exports
> /var home
> /mnt home
> su-2.03# mount
> /dev/wd0s1a on / (NFS exported, local, noatime, soft-updates, writes: sync
> 3970 async 1321097)
> procfs on /proc (local)
> nfs:/home on /usr/home (noatime)
> nfs:/var/mail on /var/mail (noatime)
> /var/tmp on /mnt (local)
> su-2.03# mountd
> Aug 1 23:17:48 celery mountd[89177]: can't change attributes for /mnt
>
> That was a very good idea though, I'd never have thought of it. :)
>
> I'll have to play with this more. :)

It cannot ever work properly.
NFS is stateless, the nfs filehandles refer to inodes, you may be able
to get this to actually export files, however I'm pretty sure without
other measures someone would be able to cons up a fake nfs handle
for files he doesn't own. (I think)

Here's two things that may work:

exporting -alldirs to specific hosts using the -mapall option in /exports

    /home -mapall=robert roberts.machine
    /home -mapall=julian julains.machine

using a vn device, creating a ufs on it and then mounting it, then
exporting it. This gives you nice per-user quotas as well :)

-Alfred Perlstein - [bright@rush.net|bright@wintelcom.net]
systems administrator and programmer
Wintelcom - http://www.wintelcom.net/
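
[Added example, not part of the original message and not FreeBSD code: a small Python check for an exports file that flags lines missing either of the two restrictions in the first suggestion above, a specific host and -mapall. It assumes one export per line with no backslash continuations; the two /home lines are the ones from the message, the other sample lines are constructed.]

```python
# Sample exports(5) text: lines 2-3 come from the message, the rest are constructed.
SAMPLE_EXPORTS = """\
# per-customer exports
/home -mapall=robert roberts.machine
/home -mapall=julian julains.machine
/usr -alldirs
/var -maproot=root -network 10.0.0.0 -mask 255.255.255.0
/export/kevin -mapall=kevin
"""


def parse_line(line):
    """Split one exports line into (paths, options, hosts)."""
    paths, opts, hosts = [], {}, []
    tokens = line.split()
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("-"):
            name, _, value = tok[1:].partition("=")
            # -network and -mask may carry their value as the next token
            if name in ("network", "mask") and not value and i + 1 < len(tokens):
                i += 1
                value = tokens[i]
            opts[name] = value
        elif tok.startswith("/") and not opts and not hosts:
            paths.append(tok)      # leading tokens are exported directories
        else:
            hosts.append(tok)      # anything else names a client host
        i += 1
    return paths, opts, hosts


def audit_exports(text):
    """Return [(line_number, [issue, ...])] for lines that need attention."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        _paths, opts, hosts = parse_line(line)
        issues = []
        if not hosts and "network" not in opts:
            issues.append("exported to any host")
        if "mapall" not in opts:
            # without -mapall the server acts on whatever uid the client sends
            issues.append("client uids trusted (no -mapall)")
        if issues:
            findings.append((number, issues))
    return findings
```

With -mapall every request from the listed host is treated as that one user, so a made-up file handle is still subject to that user's file permissions on the server.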