nfsv4 export and foot shooting
- Reply: mike tancsa : "Re: nfsv4 export and foot shooting"
- Reply: Andrea Venturoli : "Re: nfsv4 export and foot shooting"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 16 Mar 2022 14:37:07 UTC
I am trying to get my head around the nfsv4 way of thinking about the exports format and cant quite see how the best way to do it is. I have a build server where I build world and packages daily. Ideally, on a client machine, I would like to mount /usr/src and /usr/obj read-only so I can install world from there. For nfsv4, the export line says I need to specify the root directory first. But I dont want to export all of / Is there no way to just export /usr/src and /usr/obj and nothing above it ? It seems if I just have V4:/ /usr/src /usr/obj -ro -network 192.168.0.0/16 192.168.0.0/16 is able to mount / from the server which is not what I want If I put V4:/usr it will work, but then 192.168.0.0/16 can still access /usr/bin etc on the server. having an export file with JUST V4: / sort of makes sense in that no one can mount anything but progressing to V4:/ /usr/src /usr/obj -ro -network 192.168.0.0/16 means that 192.168.0.0/16 can mount /usr/src and /usr/obj, but also / which seems counter intuitive. The server's rc.conf is just nfsv4_server_enable="YES" # Enable support for NFSv4 nfsv4_server_only="YES" nfs_server_enable="YES" This is 13.1-STABLE. The server is UFS ---Mike