SUMMARY: Solaris (sVr4), NFS, and mode 400 files

From: Ray Schnitzler (ras@unipress.com)
Date: Mon Jun 29 1992 - 19:39:05 CDT


Followup-to: Ray Schnitzler <ras@unipress.com>
I've gotten a few responses and seem to have a working solution.

Silly me. I assumed that the man page for share(1) was correct and complete!
For you SVR4 neophytes, (un)share, (un)shareall and /etc/dfs/dfstab replace
the /etc/exports file we all know and love. The man page listed
-ro[=host...] and -rw[=host...] as the only options to share. "What, no
-root=host option?" I hear you cry. Not in the man page.

Mathew BM LIM <M.Lim@anu.edu.au> said that his SVR4 machine showed such an
option for share, both in the man page (which he excerpted) and in practice.

In fact, my version of Solaris *does* support this undocumented feature. A
call to Sun confirmed this. I don't know, however, whether the manual is
really in error, or if this is a way for Sun to leave themselves the ability
to retract this option in the future, for security or other reasons.

Two people (Mike Raffety <miker@sbcoc.com> and Russell Ruby
<russ@math.orst.edu>) suggested that I not use NFS for backups, and
encouraged rdump.

Well, as far as I can tell from my beta Solaris, dump and rdump are replaced
by ufsdump, whose man page gives very little information about remote usage,
alluding to /etc/hosts in the FILES section.

(I am reminded of the budget version of the Radio Shack security system:
it's a sticker. The Solaris man pages, through omission, may provide a
significant part of the improved SunOS 5.0 security.)

Also, in a very heterogeneous network like ours, a proprietary and
system-dependent format like dump is a problem. The POSIX tar format used
by pax (/usr/5bin/pax in SunOS 4, but not in my Solaris), is terrific. It
removes the path and component length limitations of tar, and can even back
up special files. It is a standard, portable format, and is a superset of
the old tar. Pax also can read and write new POSIX cpio (and read old cpio)
files. There is a good version of pax available by ftp from a variety
of places, including . I've successfully built version 1.2 and run it on
SunOS 4.1, HP-UX 8.05, and Solaris 2.0beta.

Another (minor) problem with *dump is that only one filesystem can be
specified for each archive file. Concatenation on an 8mm tape is apparently
possible, but we've been unsuccessful with it.

Backup, however, wasn't the only concern. There are other situations where
the administrator would want to read root-only files on other hosts, without
having to log into every one. The -root=host solution seems to address this.

Now, if I could only get my HP-UX machines to be so cooperative...

Thanks to:
    Russell Ruby <russ@math.orst.edu>
    Mathew BM LIM <M.Lim@anu.edu.au>
    Mike Raffety <miker@sbcoc.com>
    
Ray Schnitzler
UniPress Software

PS - Here's the original message, for those who missed it:
------------

We've got a new SS2 with Solaris on it, and, of course, everything is
different.

For certain administrative tasks (e.g. backups) I want to be able to read
*all* the files on the Solaris box from another (Sun) host (running 4.1).
This implies running as root. However, NFS maps uid 0 to -2. In 4.1 I could
use the -root=host option in /etc/exports to get around this. The sVr4
equivalent, dfstab, doesn't seem to offer that functionality.

How can I read *all* files via NFS?
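
Added example, not part of the original post: because root=host switches off the uid 0 to -2 mapping for the named hosts, it is worth knowing exactly which exports carry it. This Python sketch audits dfstab text for share lines with a root= option and reports whether each is also writable; it assumes the `share -F nfs -o opt,opt path` form with colon-separated host lists, and the sample hostnames and paths are constructed.

```python
import shlex

# Constructed sample /etc/dfs/dfstab content; hostnames and paths are made up.
SAMPLE_DFSTAB = """\
# place share(1M) commands here for automatic execution
share -F nfs -o ro=adminhost,root=adminhost -d "backup source" /export/home
share -F nfs -o rw,root=adminhost:ws1 /export/src
share -F nfs -o ro /usr/share/man
"""


def parse_share(line):
    """Return (path, options) for one share command, or None for other lines."""
    words = shlex.split(line, comments=True)  # drops '#' comments, keeps quoted -d text
    if not words or words[0] != "share":
        return None
    opts = {}
    if "-o" in words[:-1]:
        for item in words[words.index("-o") + 1].split(","):
            key, _, value = item.partition("=")
            # An option with no host list (bare "ro" or "rw") maps to an empty list.
            opts[key] = value.split(":") if value else []
    return words[-1], opts  # the pathname is the last argument


def audit(dfstab_text):
    """List every export that lets some host keep uid 0 instead of mapping it to -2."""
    findings = []
    for line in dfstab_text.splitlines():
        parsed = parse_share(line)
        if parsed is None or "root" not in parsed[1]:
            continue
        path, opts = parsed
        findings.append({
            "path": path,
            "root_hosts": opts["root"],
            # With neither ro nor rw given, share defaults to read-write.
            "writable": "rw" in opts or "ro" not in opts,
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_DFSTAB):
        mode = "read-write" if f["writable"] else "read-only"
        print(f"{f['path']}: root access for {', '.join(f['root_hosts'])} ({mode})")
```

For the backup use described in the post, the first sample line is the shape to aim for: read-only, with a single named host in root=.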


