On 07/28/14 05:55, Rick Macklem wrote:
> Assuming /export is one file system on the server, put all > the exports in a single entry, something like: > V4: /export -sec=sys -network 10.0.10 -mask 255.255.255.0 > /export/usr/src /export/usr/obj /export/usr/ports /export/packages > /export/library -maproot=root > > OR you can just allow the clients to mount any location > within the server file system using -alldirs like: > V4: /export -sec=sys -network 10.0.10 -mask 255.255.255.0 > /export -alldirs -maproot=root > > At least I think I got this correct;-) rick Then it would seem that that it is not possible to do per-host filesystem access control from a single server. Is that true? The larger project I am working on intermittently is to see if I can work out a way to secure NFSv4 so that the net transport is encrypted (via ssh|spiped tunnel, perhaps) and the server has per host (per user would be better) filesystem access control, WITHOUT kerberos. Maybe ACLs? I have looked into ACLs but they don't look very promising for multiple platform support. Thanks, Russell _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
