On Tue, 09 Dec 2008 21:11:40 +0100, Tom Haynes <Thomas.Haynes at sun.com> wrote:
> Kyle McDonald wrote:
>> Tom Haynes wrote:
>>> Kyle McDonald wrote:
>>>> Functionally what's the difference between allowing root nfs access
>>>> with root=*, and allowing it with anon=0?
>>>>
>>>> I have a JumpStart filesystem that was shared through
>>>> /etc/dfs/dfstab with '-o sec=sys,ro,anon=0'. On this file system
>>>> there are files that are owned by root and mode 600. During
>>>> jumpstart these files can be copied fine.
>>>>
>>>> When I was converting to use sharemgr, at first I missed the fact
>>>> that it has an 'anon=0' option, and decided to use 'root=*'
>>>> instead. For some reason this broke things, those same files
>>>> couldn't be copied.
>>>>
>>>> Switching back to 'anon=0' fixed things again.
>>>>
>>>> Why?
>>>>
>>>> The only difference I can see is that root= allows a list of hosts,
>>>> but when used with an * it should work the same as anon=0 right?
>>>>
>>>>
>>>
>>> You can't use root with a '*'.
>> Then the sharemgr man page needs updating. :)
>>
>> It says that the syntax is root=access_list, where an access_list is
>> any of: *, hostname, netgroup, domainname.suffix, or network.
>>
>
> Okay, I always go to share and not sharemgr. And I know from my
> experience with share, that root does
> not support wildcards...
>
> I agree that the sharemgr(1M) man page states that a '*' is allowed for
> an access_list.
>
> I also agree that I think it is not working.
>
> I also think the '*' is not working for rw:
>
> [root at jhereg ~]> sharemgr create mygroup
> [root at jhereg ~]> sharemgr add-share -s /tomper mygroup
> [root at jhereg ~]> sharemgr set -P nfs -S sys -p root=\*,rw=\* mygroup
> [root at jhereg ~]> share
> foo at mygroup /tomper sec=sys,root=*,rw=* ""
>
> And:
>
> [root at pnfs-9-25 ~]> mount jhereg:/tomper /tomper
> nfs mount: mount: /tomper: Permission denied
> [root at pnfs-9-25 ~]> mount -o vers=4,sec=sys jhereg:/tomper /tomper
> nfs mount: mount: /tomper: Permission denied
>
> If I make the change:
>
> [root at jhereg ~]> sharemgr set -P nfs -S sys -p root=\*,rw mygroup
> [root at jhereg ~]> share
> foo at mygroup /tomper sec=sys,root=*,rw ""
>
> And:
>
> [root at pnfs-9-25 ~]> mount -o vers=4,sec=sys jhereg:/tomper /tomper
> [root at pnfs-9-25 ~]> cd /tomper
> [root at pnfs-9-25 /tomper]> touch jilted
> [root at pnfs-9-25 /tomper]> ls -la
> total 287055
> drwxrwxrwx   3 th199096 staff      512 Dec  9 14:06 .
> drwxr-xr-x  36 root     root        38 Dec  8 14:10 ..
> -rw-r--r--   1 th199096 staff    83610 Dec  8 14:21 aaaa
> -rw-r--r--   1 root     root      6904 Dec  8 14:23 acl.snoop
> -rw-r--r--   1 root     root      7416 Dec  8 14:20 aclv4.snoop
> drwxr-xr-x   3 th199096 staff      512 Dec  4 03:10 archives-nightly-osol
> -rw-r--r--   1 th199096 staff    80146 Dec  8 14:24 av3
> -rw-r--r--   1 nobody   nobody       0 Dec  2 17:46 eg
> -rw-r--r--   1 th199096 staff        0 Dec  2 16:21 it
> -rw-r--r--   1 nobody   nobody       0 Dec  9 14:06 jilted
>
> We see that it was created with the wrong uid/gid.
>
> I think you should submit a bug.

I've filed
6784573 sharemgr and access_list=* do not get along
http://monaco.sfbay/detail.jsf?cr=6784573
to keep track of this issue.

> IMHO, the share output should have shown something like the second
> output for the
> rw=* case.

--
frankB

It is always possible to agglutinate multiple separate problems
into a single complex interdependent solution.
In most cases this is a bad idea.
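
An added example, not part of the original thread: a small Python check that parses share_nfs option strings like the ones quoted above and flags the two settings being compared, since anon=0 is not scoped to any host while root= takes a host list. The function names and the hostnames jumpclient1/jumpclient2 are made up for illustration, and the root=* finding reflects only what the thread observed.

```python
# Added example: audit share_nfs option strings for broad root mappings.
# Option semantics assumed from share_nfs(1M): options after sec= apply to
# that mode; anon=uid sets the uid for unknown users and for root when the
# client is not in a root= list; root= takes a colon-separated access_list.

def parse_share_opts(optstr):
    """Turn 'sec=sys,ro,anon=0' into {sec_mode: {option: value}}."""
    modes, current = {}, ["sys"]          # sys is the default mode
    for item in optstr.split(","):
        key, _, value = item.strip().partition("=")
        if not key:
            continue
        if key == "sec":                  # sec=mode[:mode] starts a new group
            current = value.split(":")
            for mode in current:
                modes.setdefault(mode, {})
        else:
            for mode in current:
                modes.setdefault(mode, {})[key] = value
    return modes


def audit(optstr):
    """Return (sec_mode, setting, finding) tuples for risky root mappings."""
    findings = []
    for mode, opts in parse_share_opts(optstr).items():
        if opts.get("anon") == "0":
            findings.append((mode, "anon=0",
                "unknown users, and root on any client allowed to mount, "
                "act as uid 0; not limited to a host list"))
        if "*" in opts.get("root", "").split(":"):
            findings.append((mode, "root=*",
                "wildcard in root=: in the thread's test root was still "
                "mapped to nobody; list hosts explicitly"))
    return findings


if __name__ == "__main__":
    samples = [
        "sec=sys,ro,anon=0",                        # from the thread
        "sec=sys,root=*,rw",                        # from the thread
        "sec=sys,ro,root=jumpclient1:jumpclient2",  # constructed
    ]
    for s in samples:
        print(s, "->", audit(s) or "no findings")
```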