On Thu, Nov 19, 2009 at 02:58:16PM +0100, Christopher Metter wrote:
> J. Bruce Fields wrote:
>> On Mon, Nov 16, 2009 at 07:57:57PM +0100, Christopher Metter wrote:
>>
>>> Hi there folks!
>>>
>>> I'm trying to migrate from NFSv3 to NFSv4. I've read diverse Articles
>>> and Howtos, but I can't find a solution to my problem.
>>>
>>> For better understanding: My NFSv4 Root is /srv/data/, a Folder that
>>> existed before and has diverse Subfolders in it. These Folders are
>>> really there and are not mounted by "mount --bind".
>>>
>>> The Server's IP: 192.168.0.10
>>> Client1: 192.168.0.1
>>> Client2: 192.168.0.2
>>>
>>> Setup with NFSv3:
>>> 2 Folders (scratch and software) were shared for 2 Clients. In
>>> Scratch both clients had full RW-access and on software only Client2
>>> had rw, Client1 had RO.
>>> Config:
>>> /srv/data/scratch-all *(rw,async,no_root_squash,nohide,no_subtree_check)
>>> /srv/data/software
>>> 10.0.12.4(ro,sync,no_root_squash,nohide,no_subtree_check)
>>> 10.0.12.5(rw,sync,no_root_squash,nohide,no_subtree_check)
>>>
>>> My NFSv4 Config (from Server/etc/exports)
>>> /srv/data/
>>> 192.168.0.2(rw,sync,fsid=0,insecure,no_root_squash,no_subtree_check)
>>> 192.168.0.1(rw,sync,fsid=0,insecure,no_root_squash,no_subtree_check)
>>> /srv/data/scratch *(rw,async,no_root_squash,no_subtree_check)
>>> /srv/data/software
>>> 192.168.0.1(ro,sync,no_root_squash,no_subtree_check)
>>> 192.168.0.2(rw,sync,no_root_squash,no_subtree_check)
>>>
>>> After that I mounted from Client1 and Client2 the Sharefolders
>>> directly (e.g. software: mount -t nfs4 -o intr,hard,rw
>>> 192.168.0.10:/software /targetfolder), everything works perfect,
>>> every Client has its specific rights and so on.
>>>
>>> But if I'm mounting the Server's Root (mount -t nfs4 -o intr,hard,rw
>>> 192.168.0.10:/ /targetfolder) from Client1 I do have complete RW
>>> Access to the full "Data" folder, even with RW for Software (which I
>>> set for RO).
>>>
>>
>> Exports don't operate on "folders", only on filesystems: if you export
>> /srv/data/ read-write, and if /srv/data/software is on the same
>> filesystem as /srv/data, then /srv/data will also be exported, and also
>> writeable.
>>
>> --b
> Is there a workaround to this behavior? Or a trick to get an NFSv4 Setup
> corresponding to the NFSv3 Setup?

If you add a trivial mountpoint there with:

	"mount --bind /srv/data/software /srv/data/software"

I think that will do the job.

Note this isn't really secure--this will prevent users on 192.168.0.1
from accidentally modifying software/, but won't do anything against
someone malicious with access to the network.

--b.
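
A check for the situation discussed in this thread, as an added example that is not part of the original messages: it flags a read-only export that sits under a read-write export for the same client with no mount point separating the two. The function names, the sample mount table and the simplified client matching (exact string or `*`, no netmasks or netgroups) are assumptions made for the example.

```python
import re

# Constructed sample: the NFSv4 exports from the thread, joined with continuations.
EXPORTS = r"""
/srv/data/ 192.168.0.2(rw,sync,fsid=0,insecure,no_root_squash,no_subtree_check) \
  192.168.0.1(rw,sync,fsid=0,insecure,no_root_squash,no_subtree_check)
/srv/data/scratch *(rw,async,no_root_squash,no_subtree_check)
/srv/data/software 192.168.0.1(ro,sync,no_root_squash,no_subtree_check) \
  192.168.0.2(rw,sync,no_root_squash,no_subtree_check)
"""
# Constructed /proc/self/mounts content before and after the bind mount.
MOUNTS_BEFORE = "/dev/sda1 / ext4 rw 0 0\n/dev/sdb1 /srv/data ext4 rw 0 0\n"
MOUNTS_AFTER = MOUNTS_BEFORE + "/dev/sdb1 /srv/data/software ext4 rw 0 0\n"

def parse_exports(text):
    """Return {path: {client: set(options)}} from /etc/exports-style text."""
    exports = {}
    for line in text.replace("\\\n", " ").splitlines():  # join continuations
        fields = line.split("#", 1)[0].split()
        for spec in fields[1:]:
            m = re.fullmatch(r"([^()]*)\(([^()]*)\)", spec)
            if m:  # a bare host without options is skipped in this sketch
                path = fields[0].rstrip("/") or "/"
                exports.setdefault(path, {})[m.group(1) or "*"] = set(m.group(2).split(","))
    return exports

def parse_mountpoints(mounts_text):
    """Mount points (second field) from /proc/self/mounts-style text."""
    rows = (l.split() for l in mounts_text.splitlines())
    return {(r[1].rstrip("/") or "/") for r in rows if len(r) > 1}

def is_under(path, top):
    return path != top and path.startswith(top.rstrip("/") + "/")

def shadowed_exports(exports, mountpoints):
    """Non-rw child exports sharing a filesystem with a parent that is rw for the same client."""
    findings = []
    for child, clients in exports.items():
        for parent, pclients in exports.items():
            if not is_under(child, parent):
                continue
            # A mount point at the child, or between parent and child, separates them.
            if any(is_under(mp, parent) and (mp == child or is_under(child, mp))
                   for mp in mountpoints):
                continue
            for client, opts in clients.items():
                popts = pclients.get(client) or pclients.get("*") or set()
                if "rw" not in opts and "rw" in popts:
                    findings.append((child, client, parent))
    return sorted(findings)

if __name__ == "__main__":
    for label, mounts in (("before", MOUNTS_BEFORE), ("after", MOUNTS_AFTER)):
        print(label, shadowed_exports(parse_exports(EXPORTS), parse_mountpoints(mounts)))
```

On a live server, pass the contents of /etc/exports and /proc/self/mounts instead of the constructed constants.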