From owner-freebsd-stable@FreeBSD.ORG Sun Mar 21 04:15:28 2010 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D2A4B106564A for ; Sun, 21 Mar 2010 04:15:28 +0000 (UTC) (envelope-from jhellenthal@gmail.com) Received: from mail-gy0-f182.google.com (mail-gy0-f182.google.com [209.85.160.182]) by mx1.freebsd.org (Postfix) with ESMTP id 837968FC12 for ; Sun, 21 Mar 2010 04:15:28 +0000 (UTC) Received: by gyg13 with SMTP id 13so514334gyg.13 for ; Sat, 20 Mar 2010 21:15:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:sender:date:from:to:cc :subject:in-reply-to:message-id:references:user-agent :x-openpgp-key-id:x-openpgp-key-fingerprint:mime-version :content-type; bh=9i4sA6GiLK5vq8bMEeREJiK7PhWq5jv0aJK8vru0FEI=; b=B1brqYf7WICCuUaJQlOsmHVXj7E53sN01NS9aLbFgSDAgHd74ONXCUHWpN5tHANU4R ZKTRHVuyD9MGVKYsEKmme2X6R/jaRYSX4UCIx9Q9DVWZuOA2YmIA+K4XU/Nbd/LxKlHr 6pmX7048la8kysVFGTPesNsLV8W+NGdeWydsk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:date:from:to:cc:subject:in-reply-to:message-id:references :user-agent:x-openpgp-key-id:x-openpgp-key-fingerprint:mime-version :content-type; b=bKg2BzcV+JF+SttMyon2on7KoN2v1NKJUrQLjmNYJFYh2z2NMZmCqNNejHuz69CWJq pfVmmQlPax++/5ceGHmMuqgOxaLj9+lcAPfJipTstNC3Js1o56QeKANXMzegvJPhseat Fs/AK6UuwRqVPHmiet7s1Jd+J4KKGRIR/otp4= Received: by 10.90.45.3 with SMTP id s3mr2646036ags.106.1269144927774; Sat, 20 Mar 2010 21:15:27 -0700 (PDT) Received: from centel.dataix.local (ppp-23.100.dialinfree.com [209.172.23.100]) by mx.google.com with ESMTPS id 20sm1172815iwn.1.2010.03.20.21.15.22 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sat, 20 Mar 2010 21:15:26 -0700 (PDT) Sender: "J. Hellenthal" Date: Sun, 21 Mar 2010 00:15:48 -0400 From: jhell To: Jeremy Chadwick In-Reply-To: <20100320001820.GA92920@icarus.home.lan> Message-ID: References: <4BA08FA8.5000902@omnilan.de> <585602e11003170127t669ebe04k752bc4383f3fde22@mail.gmail.com> <4BA3FF91.7090903@digiware.nl> <20100320001820.GA92920@icarus.home.lan> User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) X-OpenPGP-Key-Id: 0x89D8547E X-OpenPGP-Key-Fingerprint: 85EF E26B 07BB 3777 76BE B12A 9057 8789 89D8 547E MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-stable@freebsd.org Subject: Re: Does zfs have it's own nfs server? X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 21 Mar 2010 04:15:28 -0000 On Fri, 19 Mar 2010 20:18, Jeremy Chadwick wrote: In Message-Id: <20100320001820.GA92920@icarus.home.lan> > On Fri, Mar 19, 2010 at 07:50:24PM -0400, Charles Sprickman wrote: >> On Fri, 19 Mar 2010, Willem Jan Withagen wrote: >> >>> On 17-3-2010 9:27, Matthias Gamsjager wrote: >>>> sharenfs does work in freebsd but iscsi does not. I'm not sure about smb. >>>> >>>> about nfs: you should take a look at /etc/zfs/exports >>>> >>>> >>>> >>>> On Wed, Mar 17, 2010 at 9:15 AM, Harald Schmalzbauer >>>> wrote: >>>>> Hello, >>>>> >>>>> I observed some very strange filesystem security problems. >>>>> Now I found that if I set sharenfs=yes data/pub I can mount_nfs but it >>>>> does't respect any settings in /etc/exports. Also I get very strange uid >>>>> numbers when writing. >>>>> If I turn sharenfs off, limitations in /etc/exports work as expected. >>>>> I thought sharenfs and sharesmb are only working on >>>>> OpenSolaris. What about >>>>> shareiscsi? >>> >>> I do not use /etc/exports for zfs shares.... >>> But instead of yes as value, you can use the NFS-options as string >>> and that gets it into /etc/zfs/exports. >> >> Just wondering, is this using the base nfsd/mountd, or is there some >> in-kernel nfs code strictly for zfs? I haven't found much info on >> the share* options in the manpage or wiki. > > ZFS on FreeBSD's "sharenfs" option does nothing more than manage data in > a flat file (/etc/zfs/exports) and automatically send a SIGHUP to > mountd's pid (based on reading the contents of the file > _PATH_MOUNTDPID). If you grep through /usr/src/cddl you can see what > I'm referring to. > > "So how does mountd know about /etc/zfs/exports?" > > $ ps -auxw | grep mount > root 861 0.0 0.0 6836 1716 ?? Is 10Mar10 0:00.00 /usr/sbin/mountd -r -l /etc/exports /etc/zfs/exports > > This is defined/referenced in /etc/rc.d/mountd. > > All that said: > > I avoid use of the "sharenfs" option in ZFS on RELENG_7 and RELENG_8, as > I found certain quirks/behavioural oddities (such as mountd not picking > up changes, or claims of not exporting something which visually > confirmed should have been exported -- and in one case, mounting of a > ZFS-exported NFS filesystem worked but then any I/O would block on the > client indefinitely. Don't ask me how/why that happened). Possibly > these were bugs that existed during ZFS's transitional phase between 7.x > and 8.x, but the unreliable nature of the situation left a bad taste in > my mouth. The workaround: > > Using /etc/exports to reference the local ZFS filesystems I want > exported, HUP mountd, done. Above oddities/quirks no longer happened. > And there's an added bonus: all your exports are therefore kept in one > single place: a text file that's existed since what, 1989 or so? > > Of course, the advantage is that with ZFS properties you can inherit > options -- that might be useful to some, but not to me. > > There's also known quirks/issues with the parsing logic with "sharenfs". > This was discussed in December 2009. > >> Could you give an example of passing options that would say, limit >> to a subnet and map root to root using the zfs sharenfs command? > > zfs create pool/fs > zfs set sharenfs="-maproot=blah -network x.x.x.x -mask y.y.y.y" pool/fs > > Right now I'm more or less "avoiding" NFS as much as possible, as the > number of severe/major bug reports on RELENG_8 keep coming in, and that > scares me greatly. > > There is also this: http://www.freebsd.org/cgi/query-pr.cgi?pr=144447 Which I filed a while back that shows a bug in at least stable/7 that does not unshare/remove shared filesystems from /etc/zfs/exports. PJD has taken this PR and asked for a followup if this can be confirmed on a 8.X system as he believes it is fixed there. If someone of this thread is running a 8.X system would you please followup to this PR with YES/NO it exists or not, and it would be greatly appreciated. I believe this also has a part of sending HUP to mountd but I could not test that either on stable/7 or stable/8. -- jhell