Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 29 Jul 2014 11:21:34 -0700
From:      John-Mark Gurney <jmg@funkthat.com>
To:        Rick Macklem <rmacklem@uoguelph.ca>
Cc:        "Russell L. Carter" <rcarter@pinyon.org>, freebsd-net@freebsd.org
Subject:   Re: nfsd spam in /var/log/messages
Message-ID:  <20140729182134.GA43962@funkthat.com>
In-Reply-To: <1817833305.4592918.1406587646770.JavaMail.root@uoguelph.ca>
References:  <53D6ACD6.2030204@pinyon.org> <1817833305.4592918.1406587646770.JavaMail.root@uoguelph.ca>
next in thread | previous in thread | raw e-mail | index | archive | help 
Rick Macklem wrote this message on Mon, Jul 28, 2014 at 18:47 -0400:
> Russell L. Carter wrote:
> > On 07/28/14 05:55, Rick Macklem wrote:
> > 
> > > Assuming /export is one file system on the server, put all
> > > the exports in a single entry, something like:
> > > V4: /export -sec=sys -network 10.0.10 -mask 255.255.255.0
> > > /export/usr/src /export/usr/obj /export/usr/ports /export/packages
> > > /export/library -maproot=root
> > > 
> > > OR you can just allow the clients to mount any location
> > >    within the server file system using -alldirs like:
> > > V4: /export -sec=sys -network 10.0.10 -mask 255.255.255.0
> > > /export -alldirs -maproot=root
> > > 
> > > At least I think I got this correct;-) rick
> > 
> > Then it would seem that that it is not possible to do per-host
> > filesystem access control from a single server.  Is that true?
> > 
> Yes, you can. Each line must be unique w.r.t. the tuple of
> <host, server-filesystem>.
> 
> When there are multiple directories within a file system that
> needs to be mounted by a given host (or subnet), those must be
> specified in a single entry.

You know.. mountd really should grow the smarts to handle this, and
warn if the various settings for the fs don't match between lines...

i.e. union the lines as long as they match...

Could be a good project for someone(tm)...

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140729182134.GA43962>