On Sun, Jul 08, 2012 at 07:48:11PM -0400, Rick Macklem wrote: > > > Replying to myself just as a record, I have tried nfse and I didnt get > > the permission denied at all. > > The only issue I had with it is that it strictly adheres to the syntax > > in exports(5) while mountd is a little more flexible. > > > > I had > > /usr/local/export -alldirs -maproot=root 85.xx.xx.xx > > > > /usr is the root of that filesystem > > > > mountd - allowed this but actually silently exports /usr (and all dirs > > below) > > > Not exactly correct. mountd exports the entire file system in the kernel > for the NFS server, since exports can only be attached to the mount points > in the kernel. However, when the client's mount protocol requests a mount > file handle for anything other than /usr/local/export, it will refuse that. > (Which means that to mount anything other than /usr/local/export, the client > must maliciously "guess" the file handle for mounting.) > > Put another way, a "non-malicious" NFSv3 client will only be able to mount > /usr/local/export. Robert Watson calls this an "administrative control" and > feels that it is necessary.
According to the exports(5) manual page and this example (/usr is the mount point and the -alldir option is given), this example means the following: "export /usr/local/export only if it is or will be a mount point and administratively export all subdirectories under it for NFSv2/3 clients". Good description of the -alldirs option is given in the EXAMPLES section from exports(5) in paragraph about "/cdrom -alldirs". _______________________________________________ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"