SUMMARY: Taking away mount privileges NOW

From: Sheila Hollenbaugh (shollen@valhalla.cs.wright.edu)
Date: Fri Aug 02 1991 - 10:20:34 CDT


Again, the original inquiry was how to deny NFS mount access to a subset of
systems without rebooting. Here is what I believe is the definitive
answer. It was what I suspected, but not what I wanted to hear:

        From: trinkle@cs.purdue.edu
        
             Once the filesystem is mounted, even rebooting the server in
        itself will not solve your problem. What you need to do is make the
        filehandle given to those systems invalid. To do this you have to
        change something basic about the local filesystem (i.e. something that
        would change the value you generate for a filehandle). The only thing
        I know of to do this is to run fsirand on the filesystem. Of course,
        this also invalidates the filehandle given to the legitimate clients,
        which means you will have to remount the filesystems on all of them.
        I think the only access that is actually checked for each NFS request
        is for root access -- each request is checked against the "root" list
        in the exports entry.
        
             The only "reasonable" alternative as far as I can see is to
        change the export lists, then reboot all the systems that you want to
        deny.
        
Thanks to all for the replies (there appear to be a bunch I have not yet
read), once again the list comes through!!!!!

------
Sheila Hollenbaugh
Wright State University Department of Computer Science & Engineering
3171 Research Blvd., Kettering, OH 45420 (513) 259-1384
shollen@cs.wright.edu or shollen@valhalla.cs.wright.edu



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:20 CDT