Date: Wed, 16 Mar 2022 10:37:07 -0400 From: mike tancsa <mike@sentex.net> To: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: nfsv4 export and foot shooting Message-ID: <f118ab28-f829-649d-9f0f-cfe6eb80294e@sentex.net>
next in thread | raw e-mail | index | archive | help
I am trying to get my head around the nfsv4 way of thinking about the exports format and cant quite see how the best way to do it is. I have a build server where I build world and packages daily. Ideally, on a client machine, I would like to mount /usr/src and /usr/obj read-only so I can install world from there. For nfsv4, the export line says I need to specify the root directory first. But I dont want to export all of / Is there no way to just export /usr/src and /usr/obj and nothing above it ? It seems if I just have V4:/ /usr/src /usr/obj -ro -network 192.168.0.0/16 192.168.0.0/16 is able to mount / from the server which is not what I want If I put V4:/usr it will work, but then 192.168.0.0/16 can still access /usr/bin etc on the server. having an export file with JUST V4: / sort of makes sense in that no one can mount anything but progressing to V4:/ /usr/src /usr/obj -ro -network 192.168.0.0/16 means that 192.168.0.0/16 can mount /usr/src and /usr/obj, but also / which seems counter intuitive. The server's rc.conf is just nfsv4_server_enable="YES" # Enable support for NFSv4 nfsv4_server_only="YES" nfs_server_enable="YES" This is 13.1-STABLE. The server is UFS ---Mike
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?f118ab28-f829-649d-9f0f-cfe6eb80294e>