Date:      Tue, 29 Jul 2014 16:34:10 -0400 (EDT)
From:      Rick Macklem <rmacklem@uoguelph.ca>
To:        John-Mark Gurney <jmg@funkthat.com>
Cc:        "Russell L. Carter" <rcarter@pinyon.org>, freebsd-net@freebsd.org
Subject:   Re: nfsd spam in /var/log/messages
Message-ID:  <1627097637.4992011.1406666050759.JavaMail.root@uoguelph.ca>
In-Reply-To: <20140729182134.GA43962@funkthat.com>

John-Mark Gurney wrote:
> Rick Macklem wrote this message on Mon, Jul 28, 2014 at 18:47 -0400:
> > Russell L. Carter wrote:
> > > On 07/28/14 05:55, Rick Macklem wrote:
> > > 
> > > > Assuming /export is one file system on the server, put all
> > > > the exports in a single entry, something like:
> > > > V4: /export -sec=sys -network 10.0.10 -mask 255.255.255.0
> > > > /export/usr/src /export/usr/obj /export/usr/ports
> > > > /export/packages
> > > > /export/library -maproot=root
> > > > 
> > > > OR you can just allow the clients to mount any location
> > > >    within the server file system using -alldirs like:
> > > > V4: /export -sec=sys -network 10.0.10 -mask 255.255.255.0
> > > > /export -alldirs -maproot=root
> > > > 
> > > > At least I think I got this correct;-) rick
> > > 
> > > Then it would seem that it is not possible to do per-host
> > > filesystem access control from a single server.  Is that true?
> > > 
> > Yes, you can. Each line must be unique w.r.t. the tuple of
> > <host, server-filesystem>.
> > 
> > When there are multiple directories within a file system that
> > need to be mounted by a given host (or subnet), those must be
> > specified in a single entry.
> 
> You know.. mountd really should grow the smarts to handle this, and
> warn if the various settings for the fs don't match between lines...
> 
> i.e. union the lines as long as they match...
> 
> Could be a good project for someone(tm)...
> 
Yep. Of course, once they take a look at the really old, very ugly
mountd.c, they may change their minds. I, for one, am not volunteering;-)

Btw, there was a somewhat non-backwards compatible utility called nfse,
but the author has withdrawn his support, so I am not sure what state
the sources are in.

rick

> --
>   John-Mark Gurney				Voice: +1 415 225 5579
> 
>      "All that I will do, has been done, All that I have, has not."
> 
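
Added example, not part of the thread and not mountd code: a small offline check for the rule stated above that each exports line must be unique with respect to the tuple <host, server-filesystem>, which also reports whether the repeated lines carry matching options. The exports text and mount point list are constructed, the function names are hypothetical, and the parsing is a simplification (no backslash continuations, no netgroups).

```python
from collections import defaultdict

# Constructed sample (not from the thread); line 1 is the NFSv4 root line.
SAMPLE_EXPORTS = """\
V4: /export -sec=sys -network 10.0.10 -mask 255.255.255.0
/export/usr/src -maproot=root -network 10.0.10 -mask 255.255.255.0
/export/usr/obj -maproot=root -network 10.0.10 -mask 255.255.255.0
/export/library -ro -network 10.0.10 -mask 255.255.255.0
/export/packages -maproot=root 10.0.20.5
/data/scratch -network 10.0.10 -mask 255.255.255.0
"""
# Assumption: the server's mount points, passed in so the check runs offline.
SAMPLE_MOUNTS = ["/", "/export", "/data"]

def filesystem_of(path, mounts):
    """Return the longest mount point that contains path."""
    hits = [m for m in mounts if path == m or path.startswith(m.rstrip("/") + "/")]
    return max(hits, key=len, default="")

def parse_entry(line):
    """Split one exports entry into (directories, options, clients)."""
    dirs, opts, clients, net = [], set(), set(), {}
    tokens = iter(line.split())
    for tok in tokens:
        name, _, val = tok.partition("=")
        if name in ("-network", "-mask"):      # "-network X" or "-network=X"
            net[name] = val or next(tokens, "")
        elif tok.startswith("-"):
            opts.add(tok)
        elif tok.startswith("/"):
            dirs.append(tok)
        else:
            clients.add(tok)                    # host name or address
    if net:
        clients.add("net:%s/%s" % (net.get("-network", ""), net.get("-mask", "")))
    return dirs, frozenset(opts), clients or {"*"}   # "*" = no client given

def find_conflicts(text, mounts):
    """List (fs, client, line numbers, options_match) for repeated tuples."""
    seen = defaultdict(list)                    # (fs, client) -> [(lineno, opts)]
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("V4:"):
            continue
        dirs, opts, clients = parse_entry(line)
        for fs in {filesystem_of(d, mounts) for d in dirs}:
            for client in clients:
                seen[(fs, client)].append((lineno, opts))
    return [(fs, c, [n for n, _ in uses], len({o for _, o in uses}) == 1)
            for (fs, c), uses in sorted(seen.items()) if len(uses) > 1]
```

On the constructed sample, lines 2 to 4 repeat the same subnet for the /export file system with differing options, so they are reported; merging them into one entry clears the report.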


