SUMMARY: exporting fs's with different options

From: david@john-littlejohn.ICS.UCI.EDU
Date: Fri Nov 22 1991 - 20:26:25 CST


First, my thanks to everyone for bearing with me, as we figured out
just what it was I wanted to ask :-}

To recap: I wanted to export a filesystem to a large group of hosts,
all of whom should be recognised as root-equivalent, and also to one
more host, whose root should not be recognised.

Solution: there isn't one, exactly. The closest I can get is to
limit the number of hosts whose root is recognised. (The -root=
option will accept a (short) list of hostnames, but not a netgroup,
unlike the -access= option. Many of you agree with me that this is
Really Icky -- are you listening, Sun?)

For those of you who have source, Roy Marantz <marantz@cs.rutgers.edu>
uses a hacked exportfs (and kernel?) which recognises multiple entries
in /etc/exports for the same filesystem. (BTW, some of you noted that
the man page doesn't actually say you can't have multiple entries, and
you're right. When I went ahead and tried it, I found that the last
entry simply replaces any previous entries--no surprise there.)

There was almost unanimous agreement that the -anon=0 option should be
avoided, as doing away with what little security there is in NFS exports.

Many thanks to:
 "Anthony A. Datri" <datri@concave.convex.COM>
 "J. Matt Landrum" <mdl@cypress.COM>
 Bob Cunningham <bob@kahala.soest.hawaii.EDU>
 Brent Alan Wiese <brent@curie.ssctr.bcm.tmc.EDU>
 Dana Roode <DRoode@uci.EDU>
 David Mostardi <david@msri.ORG>
 Eckhard Rueggeberg <erueg@cfgauss.uni-math.gwdg.de>
 Frank Kuiper <frankk@cwi.nl>
 Gary Richardson <gpr@proteon.COM>
 Jeff Nieusma <nieusma@cs.colorado.EDU>
 Michael Helm <mike@inti.lbl.GOV>
 Mike Raffety <miker@sbcoc.COM>
 Paul Henninger <pbh@cfsmo.honeywell.COM>
 Russ Poffenberger <poffen@sj.ate.slb.COM>
 Scott Ellis <scott@assistant.beckman.uiuc.EDU>
 William LeFebvre <phil@pex.eecs.nwu.EDU>
 brian hawley <hawley@ucrmath.ucr.EDU>
 dmorse@sun-valley.stanford.EDU
 marantz@cs.rutgers.EDU
 mark galbraith <deltam!dm!mark@uunet.UU.NET>

--------
David Harnick-Shapiro Support Group, Department of david@ics.uci.edu
                      Information and Computer Science ucbvax!ucivax!david
                      University of California, Irvine



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:16 CDT