mim Posted May 18, 2018

If I set a single NFS share to Private and run exportfs -v, my share shows up correctly with my perms as desired.

If I set up a second NFS share as Public or Secure and run exports -v, both show up as expected.

If I change my second NFS share to Private, with or without my desired perms entered, exportfs -v is blank??

I'm trying to figure out what's causing this issue. I'm thinking it may be due to the fact I'm testing a server with a trial key, but I really don't think that's the case.

mim (Author) Posted May 19, 2018

I'm using SMB as a substitute for now but it feels very wrong...

John_M Posted May 19, 2018

It works for me. One private and two public shares:

    root@Mandaue:~# exportfs -v
    /mnt/user/M_Private <world>(rw,async,wdelay,hide,no_subtree_check,fsid=100,anonuid=1000,anongid=100,sec=sys,insecure,root_squash,all_squash)
    /mnt/user/M_Public <world>(rw,async,wdelay,hide,no_subtree_check,fsid=101,anonuid=99,anongid=100,sec=sys,insecure,root_squash,all_squash)
    /mnt/user/M_Temp <world>(rw,async,wdelay,hide,no_subtree_check,fsid=102,anonuid=99,anongid=100,sec=sys,insecure,root_squash,all_squash)
    root@Mandaue:~#

After changing M_Temp to Private:

    root@Mandaue:~# exportfs -v
    /mnt/user/M_Private <world>(rw,async,wdelay,hide,no_subtree_check,fsid=100,anonuid=1000,anongid=100,sec=sys,insecure,root_squash,all_squash)
    /mnt/user/M_Public <world>(rw,async,wdelay,hide,no_subtree_check,fsid=101,anonuid=99,anongid=100,sec=sys,insecure,root_squash,all_squash)
    /mnt/user/M_Temp <world>(rw,async,wdelay,hide,no_subtree_check,fsid=102,anonuid=1000,anongid=100,sec=sys,insecure,root_squash,all_squash)
    root@Mandaue:~#

mim (Author) Posted May 19, 2018

6 hours ago, John_M said:
> It works for me. One private and two public shares:
>
>     root@Mandaue:~# exportfs -v
>     /mnt/user/M_Private <world>(rw,async,wdelay,hide,no_subtree_check,fsid=100,anonuid=1000,anongid=100,sec=sys,insecure,root_squash,all_squash)
>     /mnt/user/M_Public <world>(rw,async,wdelay,hide,no_subtree_check,fsid=101,anonuid=99,anongid=100,sec=sys,insecure,root_squash,all_squash)
>     /mnt/user/M_Temp <world>(rw,async,wdelay,hide,no_subtree_check,fsid=102,anonuid=99,anongid=100,sec=sys,insecure,root_squash,all_squash)
>     root@Mandaue:~#
>
> After changing M_Temp to Private:
>
>     root@Mandaue:~# exportfs -v
>     /mnt/user/M_Private <world>(rw,async,wdelay,hide,no_subtree_check,fsid=100,anonuid=1000,anongid=100,sec=sys,insecure,root_squash,all_squash)
>     /mnt/user/M_Public <world>(rw,async,wdelay,hide,no_subtree_check,fsid=101,anonuid=99,anongid=100,sec=sys,insecure,root_squash,all_squash)
>     /mnt/user/M_Temp <world>(rw,async,wdelay,hide,no_subtree_check,fsid=102,anonuid=1000,anongid=100,sec=sys,insecure,root_squash,all_squash)
>     root@Mandaue:~#

Not sure if you just copy pasted the wrong thing for the second paste, but all of those shares are set to public in both examples. I think you may have forgotten to apply your changes.

John_M Posted May 19, 2018

1 hour ago, mim said:
> I think you may have forgotten to apply your changes.

No, they are different. UID 1000 is my registered user, while UID 99 is the user nobody. If you think I'm doing it wrong please tell me what rule you are using for your private shares.

mim (Author) Posted May 19, 2018

The idea behind the private share is that it is set to private and only accessible by accredited IPs which you list in your config. As far as I know NFS doesn't support users.

    root@MIMNAS:~# exportfs -v
    /mnt/user/MIMPVE-4TB 192.168.1.150(rw,async,wdelay,hide,no_subtree_check,fsid=102,sec=sys,secure,root_squash,no_all_squash)
    /mnt/user/MIMPVE-4TB 192.168.1.99(rw,async,wdelay,hide,no_subtree_check,fsid=102,sec=sys,secure,root_squash,no_all_squash)
    /mnt/user/MIMPVE-4TB 192.168.1.24(rw,async,wdelay,hide,no_subtree_check,fsid=102,sec=sys,secure,root_squash,no_all_squash)
    /mnt/user/MIMPVE-4TB 192.168.1.100(rw,async,wdelay,hide,no_subtree_check,fsid=102,sec=sys,secure,root_squash,no_all_squash)

That's what the output looks like when you set it to private. My rule was:

    192.168.1.121(sec=sys,rw) 192.168.1.150(sec=sys,rw) 192.168.1.100(sec=sys,rw) 192.168.1.99(sec=sys,rw)

mim (Author) Posted May 19, 2018

I just solved it, there was an extra space at the end of my rule...

    ["192.168.1.121(sec=sys,rw) 192.168.1.150(sec=sys,rw) 192.168.1.100(sec=sys,rw) 192.168.1.99(sec=sys,rw) "]

would cause the next set up shares to disappear

John_M Posted May 19, 2018

10 minutes ago, mim said:
> The idea behind the private share is that it is set to private and only accessible by accredited IPs

Not so. You can restrict by IP address, but you certainly don't have to. *(sec=sys,rw) is a perfectly valid rule. In fact a null string is also a perfectly valid rule, if read-only access is what you want.

Regardless, I'm glad you fixed your problem. Maybe encouraging you to look at your own rules helped?

mim (Author) Posted May 19, 2018

With your setup, how do you restrict who can access? The UID? If so, how do you enter that (in the client)?

John_M Posted May 19, 2018

Yes. Since the protocol doesn't use passwords (unlike, say, CIFS), permissions are determined by UIDs and ACLs. I can see how you might want to limit users' access to their own workstations but I would find that too restrictive. It's all controlled from the server. The only thing a client can do is have an account whose UID is valid for the files you want to access on the server.

An example would be where a group of users can sit at any workstation and, as long as each has a username and password, can access their private files (home directory, for example) over NFS. In that case you wouldn't want to restrict by IP address.
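
An added example, not code from any poster in this thread or from Unraid: it parses `exportfs -v` output and reports shares that should be exported but are absent (the symptom in the first post), exports open to `<world>`, and rule clients that are missing from the live export table. The share paths, `SAMPLE`, `RULES` and all function names are constructed for illustration; treating `*` in a rule as `<world>` in the output and skipping empty rules are assumptions.

```python
import re

# "path client(options)"; \s+ also spans the line break exportfs inserts
# after a long path.
EXPORT_RE = re.compile(r"(/\S+)\s+([^\s(]+)\(([^)]*)\)")

def parse_exports(text):
    """Return [(path, client, {options})] parsed from `exportfs -v` output."""
    return [(p, c, set(o.split(","))) for p, c, o in EXPORT_RE.findall(text)]

def lint_rule(rule):
    """Flag the stray leading/trailing whitespace reported in this thread."""
    return ["leading or trailing whitespace"] if rule != rule.strip() else []

def rule_clients(rule):
    """Client part of each 'client(options)' entry in a rule string."""
    names = {entry.split("(", 1)[0] for entry in rule.split()}
    return {"<world>" if n == "*" else n for n in names}  # assumption: * == <world>

def audit(text, expected, rules=None):
    """Compare live exports with the paths and rules that were configured."""
    exports = parse_exports(text)
    seen = {p for p, _, _ in exports}
    report = {
        "missing": sorted(set(expected) - seen),
        "world": sorted({p for p, c, _ in exports if c in ("<world>", "*")}),
        "drift": {},
    }
    for path, rule in (rules or {}).items():
        live = {c for p, c, _ in exports if p == path}
        want = rule_clients(rule)
        if want and live != want:  # empty rule is not compared (assumption)
            report["drift"][path] = {"not_exported": sorted(want - live),
                                     "unexpected": sorted(live - want)}
    return report

# Constructed sample in the output format shown in the thread.
SAMPLE = """\
/mnt/user/M_Public <world>(rw,async,no_subtree_check,fsid=101,sec=sys,insecure,root_squash,all_squash)
/mnt/user/Backups
\t\t192.168.1.150(rw,async,no_subtree_check,fsid=102,sec=sys,secure,root_squash,no_all_squash)
"""
# Constructed rule with the trailing space described in the thread.
RULES = {"/mnt/user/Backups": "192.168.1.150(sec=sys,rw) 192.168.1.99(sec=sys,rw) "}

if __name__ == "__main__":
    print(audit(SAMPLE, ["/mnt/user/M_Public", "/mnt/user/Backups", "/mnt/user/Media"], RULES))
```

On a live server, feed it the captured output of `exportfs -v` instead of `SAMPLE`; a non-empty `missing` list after changing a share's settings is the condition the original poster hit.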
Archived
This topic is now archived and is closed to further replies.