From owner-freebsd-fs@freebsd.org Tue Aug 18 14:05:08 2020 Return-Path: Delivered-To: freebsd-fs@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id ABF6E3BD7A5 for ; Tue, 18 Aug 2020 14:05:08 +0000 (UTC) (envelope-from SRS0=1DSH=B4=perdition.city=julien@bebif.be) Received: from orval.bbpf.belspo.be (orval.bbpf.belspo.be [193.191.208.90]) by mx1.freebsd.org (Postfix) with ESMTP id 4BWCNM3r50z46mH; Tue, 18 Aug 2020 14:05:07 +0000 (UTC) (envelope-from SRS0=1DSH=B4=perdition.city=julien@bebif.be) Received: from x1 (77.109.123.220.adsl.dyn.edpnet.net [77.109.123.220]) by orval.bbpf.belspo.be (Postfix) with ESMTPSA id 140FD1D4FC25; Tue, 18 Aug 2020 16:05:05 +0200 (CEST) Date: Tue, 18 Aug 2020 16:05:02 +0200 From: Julien Cigar To: Allan Jude Cc: freebsd-fs@freebsd.org Subject: Re: nested zfs datasets and NFS4 Message-ID: <20200818140502.3s4uc6g3r7lagpfp@x1> Mail-Followup-To: Allan Jude , freebsd-fs@freebsd.org References: <20200818091643.7yur2ix52z7kppea@x1> <06bf3020-a8b1-8754-7a76-a34086fc1e6b@freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <06bf3020-a8b1-8754-7a76-a34086fc1e6b@freebsd.org> X-Rspamd-Queue-Id: 4BWCNM3r50z46mH X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of SRS0=1DSH=B4=perdition.city=julien@bebif.be designates 193.191.208.90 as permitted sender) smtp.mailfrom=SRS0=1DSH=B4=perdition.city=julien@bebif.be X-Spamd-Result: default: False [0.53 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; MIME_GOOD(-0.10)[text/plain]; MID_RHS_NOT_FQDN(0.50)[]; DMARC_NA(0.00)[perdition.city]; NEURAL_HAM_SHORT(-0.07)[-0.070]; RCPT_COUNT_TWO(0.00)[2]; FORGED_SENDER(0.30)[julien@perdition.city,SRS0=1DSH=B4=perdition.city=julien@bebif.be]; RCVD_NO_TLS_LAST(0.10)[]; RECEIVED_SPAMHAUS_PBL(0.00)[77.109.123.220:received]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:2611, ipnet:193.191.192.0/19, country:BE]; FROM_NEQ_ENVFROM(0.00)[julien@perdition.city,SRS0=1DSH=B4=perdition.city=julien@bebif.be]; MAILMAN_DEST(0.00)[freebsd-fs]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Aug 2020 14:05:08 -0000 On Tue, Aug 18, 2020 at 09:19:45AM -0400, Allan Jude wrote: > On 2020-08-18 05:16, Julien Cigar wrote: > > Hello, > > > > With the following configuration (1) I don't understand why do I have > > access to /usr/jails/j_www1/filer/webapps/phegea as it is not mounted..? > > I thought that with nested ZFS datasets each dataset should be exported > > and mounted explicitely .. > > > > (1): https://gist.githubusercontent.com/silenius/2f4e1418d77074d610996b0977776f18/raw/2cb2e5d0bb7ebd9c8e69d6c14245c41051c11bf5/gistfile1.txt > > > > any idea? > > > > Thanks, > > Julien > > > > > > Are you using NFSv3 or v4 on the client? v4 only > > With v4, you can cross mount boundries with a single nfs mount. This is > very useful for things like NFS mounting homedirs, as you can mount just > home and have access to each user's personal dataset with out 100s of > separate mounts on the client. interesting, I thought it was the opposite. I guess that /etc/exports is still taken into account when I'd like to mount a nested dataset as read only for example? > > If you want a child dataset NOT to be reachable, 'zfs set sharenfs=off > dataset', and it will not be reachable via NFSv4 > I don't use sharenfs (I prefer /etc/exports), and it is off by default: filer1% zfs get sharenfs data/webapps data/webapps/phegea NAME PROPERTY VALUE SOURCE data/webapps sharenfs off default data/webapps/phegea sharenfs off default (the reason why I'm not using "sharenfs" is that it was impossible in the past (don't know if it's still the case) to have multiple export lines for the same dataset, so it was impossible to export a dataset rw for somehost and ro for anotherhost) > -- > Allan Jude > -- Julien Cigar Belgian Biodiversity Platform (http://www.biodiversity.be) PGP fingerprint: EEF9 F697 4B68 D275 7B11 6A25 B2BB 3710 A204 23C0 No trees were killed in the creation of this message. However, many electrons were terribly inconvenienced.