Date: Thu, 21 Jul 2005 11:30:08 -0400 From: Chuck Swiger <cswiger@mac.com> To: Sergey Matveychuk <sem@FreeBSD.org> Cc: Norbert Koch <NKoch@demig.de>, questions@FreeBSD.org Subject: Re: /etc/exports - a strange restriction Message-ID: <42DFBF80.6060109@mac.com> In-Reply-To: <42DF9F80.8060705@FreeBSD.org> References: <000701c58df1$cbabdd00$4801a8c0@ws-ew-3.W2KDEMIG> <42DF9F80.8060705@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Sergey Matveychuk wrote: > Norbert Koch wrote: >>> /usr/tinderbox -ro -alldirs -maproot=0:0 localhost >>> >> As far as I know, it is a restriction of the nfs specification. >> If you only want to export a single directory, you could e.g. >> use mount_null/mount_nullfs(8). > > Well, in my example remote host is localhost. But if I need to share > files on a network? > I've made a quick look at RFC1813 but could not find this restriction. > But why this restriction anyway for? It's very unconvenient. NFS exports filesystems, not directory trees. NFS permits you to mount a subdirectory of an export/share, but you cannot mount two child directories of a share if those directories are ancestors of one another. It's easier to mount the root of an export/share, and then use symlinks on the local drive to reference the portion of the hierarchy that you want to use. Rely on filesystem permissions to control access, assuming you trust root on the client machine. (If you don't trust root on the client machine, then you probably shouldn't be using NFS at all.) See "Managing NFS and NIS" published by O'Reilley, or maybe even this by me: http://www.pkix.net/~chuck/doc/NFS/article.html :-) -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?42DFBF80.6060109>