From owner-freebsd-stable Wed Mar 14 16:34:13 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from earth.backplane.com (earth-nat-cw.backplane.com [208.161.114.67])
	by hub.freebsd.org (Postfix) with ESMTP id DE64537B718
	for ; Wed, 14 Mar 2001 16:34:08 -0800 (PST)
	(envelope-from dillon@earth.backplane.com)
Received: (from dillon@localhost)
	by earth.backplane.com (8.11.2/8.9.3) id f2F0XXV33398;
	Wed, 14 Mar 2001 16:33:33 -0800 (PST)
	(envelope-from dillon)
Date: Wed, 14 Mar 2001 16:33:33 -0800 (PST)
From: Matt Dillon
Message-Id: <200103150033.f2F0XXV33398@earth.backplane.com>
To: Sean Kelly
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: mountd
References: <20010314182033.A54552@edgemaster.zombie.org>
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

:My NFS server has /usr on a single filesystem, yet I would like to share
:subdirectories of /usr with different attributes.  An example would be:
:
:    /usr/ports          readonly
:    /usr/src            readonly
:    /usr/local/build    read/write
:
:The idea is that machines with very little disk space will be able to build
:ports and source using /usr/build/ as the workdir.  As I
:understand it, this can't be done since /usr is a single filesystem on the
:server and must
:a) be listed on single line in /etc/exports
:b) have the same attributes for all exported directories
:Am I missing something?  If not, why is FreeBSD's mountd implemented this
:way when it causes severe limitations such as the one I just came across?
:How hard would it be to reimplement the system?  Does anybody have any

The limitation is not restricted to FreeBSD.  The real problem here is
that NFS security is based on file handle identifiers and filesystems.
You can export all the subdirectories in a filesystem wholly read-only,
or wholly read-write, but not a combination of the two because the NFS
server has no idea which subdirectory of that filesystem an NFS client
may be accessing... NFS clients access files by file handle id's, NOT
by path names.

:suggestions for a quickfix?  What is the answer to life, the universe, and
:everything?
:
:--
:Sean Kelly                  | PGP KeyID: 77042C7B
:smkelly@zombie.org          | http://www.zombie.org

No problem.  Here's what you do:

Let's say that /usr is local on all your machines but you want to export
/usr/ports and /usr/src from your NFS server read-only.

Simply make /usr/ports/distfiles on your NFS server be a softlink to
/usr/ports.distfiles, which will be a local directory on every machine
(including the NFS server).

Then set the WRKDIRPREFIX variable in your /etc/make.conf on the
clients.  e.g.

    mkdir /var/portswork

and in /etc/make.conf:

    WRKDIRPREFIX=   /var/portswork

(Note: some ports are huge so WRKDIRPREFIX needs to point to somewhere
with a lot of space).

Now you can build a port on any client using the /usr/ports exported
read-only from the NFS server.

If you are exporting the whole of /usr read-only to the clients, then
obviously you have to choose some other directory to hold the distfiles
by adjusting the /usr/ports/distfiles softlink.  The softlink must be
valid (point to some local directory somewhere) on both the NFS server
and all the clients.

--

In regards to /usr/src and /usr/obj.  What I normally do is export
/usr/src AND /usr/obj from the NFS server, both read-only.  I do all
builds on the server and then install them from the clients (i.e. I
never actually build the world on a client).  Same goes with kernels for
the clients... build on the server, install from the client.

-Matt
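
Added example, not part of the original message or of FreeBSD: a small checker that groups exported directories by the server filesystem they live on and flags any filesystem where read-only and read-write exports are mixed, the combination the reply above says cannot be enforced. The mount-point list, the sample exports text and the simplified exports(5)-style parsing (directories first, `-ro` as the only option examined) are constructed assumptions.

```python
import os.path

# Constructed sample data (assumptions, not taken from the message).
MOUNT_POINTS = ["/", "/usr", "/var"]      # local filesystems on the server
EXPORTS = """\
# simplified exports(5)-style lines: directories, then options and hosts
/usr/ports /usr/src -ro client1 client2
/usr/local/build client1 client2
/var/portswork -ro client1
"""

def filesystem_of(path, mount_points):
    """Return the mount point that holds path (longest matching prefix)."""
    path = os.path.normpath(path)
    matches = [mp for mp in mount_points
               if path == mp or path.startswith(mp.rstrip("/") + "/")]
    return max(matches, key=len, default="/")

def parse_exports(text):
    """Yield (directory, read_only) for every exported directory."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        read_only = "-ro" in fields
        for field in fields:
            if field.startswith("/"):     # directories are absolute paths
                yield field, read_only

def mixed_access(text, mount_points):
    """Map filesystem -> {directory: 'ro'|'rw'} where ro and rw coexist.

    Access is decided per filesystem, not per path, so a filesystem
    listed here has read-only entries sitting next to a writable export.
    """
    by_fs = {}
    for directory, read_only in parse_exports(text):
        fs = filesystem_of(directory, mount_points)
        by_fs.setdefault(fs, {})[directory] = "ro" if read_only else "rw"
    return {fs: dirs for fs, dirs in by_fs.items()
            if len(set(dirs.values())) > 1}

if __name__ == "__main__":
    for fs, dirs in mixed_access(EXPORTS, MOUNT_POINTS).items():
        print(f"{fs}: mixed ro/rw exports on one filesystem: {dirs}")
```

If /usr/local were its own filesystem on the server, the same exports text would pass, because the writable directory would no longer share a filesystem with the read-only ones.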