On Sun, Jul 08, 2012 at 07:48:11PM -0400, Rick Macklem wrote:
>
> > Replying to myself just as a record, I have tried nfse and I didnt get
> > the permission denied at all.
> > The only issue I had with it is that it strictly adheres to the syntax
> > in exports(5) while mountd is a little more flexible.
> > 
> > I had
> > /usr/local/export -alldirs -maproot=root 85.xx.xx.xx
> > 
> > /usr is the root of that filesystem
> > 
> > mountd - allowed this but actually silently exports /usr (and all dirs
> > below)
> > 
> Not exactly correct. mountd exports the entire file system in the kernel
> for the NFS server, since exports can only be attached to the mount points
> in the kernel. However, when the client's mount protocol requests a mount
> file handle for anything other than /usr/local/export, it will refuse that.
> (Which means that to mount anything other than /usr/local/export, the client
>  must maliciously "guess" the file handle for mounting.)
> 
> Put another way, a "non-malicious" NFSv3 client will only be able to mount
> /usr/local/export. Robert Watson calls this an "administrative control" and
> feels that it is necessary.

According to the exports(5) manual page and this example (/usr is the mount
point and the -alldir option is given), this example means the following:
"export /usr/local/export only if it is or will be a mount point and
administratively export all subdirectories under it for NFSv2/3 clients".
Good description of the -alldirs option is given in the EXAMPLES section
from exports(5) in paragraph about "/cdrom -alldirs".

_______________________________________________
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Reply via email to