On 07/29/14 11:21, John-Mark Gurney wrote:
> Rick Macklem wrote this message on Mon, Jul 28, 2014 at 18:47 -0400:
>> Russell L. Carter wrote:
>>> On 07/28/14 05:55, Rick Macklem wrote:
>>>
>>>> Assuming /export is one file system on the server, put all
>>>> the exports in a single entry, something like:
>>>> V4: /export -sec=sys -network 10.0.10 -mask 255.255.255.0
>>>> /export/usr/src /export/usr/obj /export/usr/ports /export/packages
>>>> /export/library -maproot=root
>>>>
>>>> OR you can just allow the clients to mount any location
>>>> within the server file system using -alldirs like:
>>>> V4: /export -sec=sys -network 10.0.10 -mask 255.255.255.0
>>>> /export -alldirs -maproot=root
>>>>
>>>> At least I think I got this correct;-) rick
>>>
>>> Then it would seem that it is not possible to do per-host
>>> filesystem access control from a single server. Is that true?
>>>
>> Yes, you can. Each line must be unique w.r.t. the tuple of
>> <host, server-filesystem>.

This seems to work, and I don't have spam in my log:

V4: /export -sec=sys
/export/library -maproot=root linuxen
/export -maproot=root fbsden

However, 'linuxen' and 'fbsden' are defined in netgroup(5):

linuxen (bruno,,n1.pinyon.org)
fbsden (psf,,n1.pinyon.org) (knuth,,n1.pinyon.org)

but the linux host can mount /export/usr/* just fine :-(.

>> When there are multiple directories within a file system that
>> need to be mounted by a given host (or subnet), those must be
>> specified in a single entry.
>
> You know.. mountd really should grow the smarts to handle this, and
> warn if the various settings for the fs don't match between lines...
>
> i.e. union the lines as long as they match...
>
> Could be a good project for someone(tm)...
>

vfs_export and friends are impressively densely written...

Cheers,
Russell
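
Added example, not part of the original message and not mountd code: a small offline lint for the rule quoted above, reporting any <host, server-filesystem> tuple named by more than one exports entry and whether the options on those entries match. The function names, the `fs_roots` list of server mount points (no trailing slashes) and the netgroup dictionary are assumptions made for illustration; the parser covers only the option forms that appear in this thread.

```python
import posixpath
from collections import defaultdict

def parse_exports(text):
    """Return (line, dirs, opts, hosts) per export entry; V4: root lines are skipped."""
    entries = []
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("V4:"):
            continue
        dirs, opts, hosts = [], [], []
        tokens = iter(line.split())
        for tok in tokens:
            if tok.startswith("/"):
                dirs.append(tok)
            elif tok in ("-network", "-mask"):  # value given as the next token
                opts.append(tok + "=" + next(tokens, ""))
            elif tok.startswith("-"):
                opts.append(tok)
            else:
                hosts.append(tok)
        nets = [o for o in opts if o.startswith(("-network", "-mask"))]
        # No host token: the entry covers the given network, or everyone ("*").
        entries.append((line, dirs, sorted(opts), hosts or [" ".join(nets) or "*"]))
    return entries

def fs_of(path, fs_roots):
    """Longest mount point in fs_roots (an assumed input) that contains path."""
    owners = [r for r in fs_roots if posixpath.commonpath([r, path]) == r]
    return max(owners, key=len, default="/")

def lint(text, fs_roots, netgroups=None):
    """List every <host, server-filesystem> tuple named by more than one entry."""
    seen = defaultdict(list)
    for _line, dirs, opts, hosts in parse_exports(text):
        members = {m for h in hosts for m in (netgroups or {}).get(h, [h])}
        for key in {(m, fs_of(d, fs_roots)) for m in members for d in dirs}:
            seen[key].append(opts)
    findings = []
    for (host, fs), hits in sorted(seen.items()):
        if len(hits) > 1:
            verdict = "options match" if all(o == hits[0] for o in hits) else "options differ"
            findings.append((host, fs, verdict, len(hits)))
    return findings

# Constructed inputs; the netgroup membership mirrors the netgroup(5) lines in the message.
NETGROUPS = {"linuxen": ["bruno"], "fbsden": ["psf", "knuth"]}
SPLIT = ("/export/usr/src -maproot=root fbsden\n"
         "/export/usr/obj -maproot=root fbsden\n"
         "/export/library -ro knuth\n")
```

Calling `lint(SPLIT, ["/", "/export"], NETGROUPS)` reports `knuth` and `psf` on `/export`. The three-line configuration in the message above produces no findings, so this check covers only the tuple-uniqueness rule, not the `/export/usr/*` mounts reported there.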