Thomas Plant via CentOS wrote:
>
> Hello all,
>
> I have an NFS Server where I want give access to a specific address to a
> specific path.
> Problem is that I have some other shares active which I do not want the
> specific IP to not access it.
>
> The /etc/exports looks like the following:
>
> /nfs/Share1 10.10.*(rw)
> /nfs/Share2 10.10.*(rw)
> /kdnbckp/CS21 10.10.193.43(rw)
>
> The client on the last line (IP 10.10.193.43) I'd like to exclude from
> mounting the first two shares.
>
> How can I do this? 'man exports' does not give any hint if this is
> possible.
I don't know of an option to exclude a single host - but you might be
able to do something clever with the 'refer' option ...
BTW, the export man page says that you shouldn't use wildcards in IP
network addresses - i.e. instead of exporting to '10.10.*', you should
use '10.10.0.0/16'
So something like the following may work:
/nfs/Share1 10.10.193.43(rw,refer=/dummy@127.0.0.1) 10.10.0.0/16(rw)
/nfs/Share2 10.10.193.43(rw,refer=/dummy@127.0.0.1) 10.10.0.0/16(rw)
/kdnbckp/CS21 10.10.193.43(rw)
The above _should_ cause the client at 10.10.193.43 to attempt to mount
"/dummy" from itself when it tries to mount either /nfs/Share1 or
/nfs/Share2 from the server - and if "/dummy" isn't exported from itself
(or if NFS isn't running), then the mount will fail ...
However, I believe the refer= option is NFSv4 only - so if the client
attempts an NFSv3 mount, it will successfully mount from the server (and
not use the refer mount point) - i.e. to make sure this doesn't happen,
you will need to disable NFSv3 (and NFSv2) access - e.g see:
https://opsech.io/posts/2016/Jan/26/nfsv4-only-on-centos-72.html
However, the above is all a bit messy - so I would be interested if you
come across a simpler way of achieving this ...
James Pearson
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
