[SOLVED] NFSv4

supermario18b · 09-18-2020, 07:15 AM

Hi everyone,

since NFSv4 needs a root share folder, I set /media/nfs_root accessible from everyone and two child folders accessible from specific IPs.
Here is my /etc/exports file:

Code:

/media/nfs_root			*(fsid=0,sync,no_subtree_check) 
/media/nfs_root/nfs_child10	192.168.1.10(rw,sync,no_subtree_check)
/media/nfs_root/nfs_child20	192.168.1.20(rw,sync,no_subtree_check)

The unexpected result (for me) is that everyone can mount the root and the child directories.
I'd like that the machine with IP 192.168.1.10 can only access the nfs_child10 folder and the machine with IP 192.168.1.20 can only access the nfs_child20 folder.

How do I have to modify the configuration file to achieve that?

Thanks in advance,

supermario18b

dc.901 · 09-18-2020, 07:32 PM

Working on RHEL7 and CentOS7, I do not see need for "nfs_root" like you have. Or maybe I am misunderstanding what you are trying to say.

Now, do the child directories nfs_child10/20 need to be under the nfs_root?
If not, what if you do something like this instead:

Code:

/media/nfs_root			*(fsid=0,sync,no_subtree_check) 
/media/nfs_child10	192.168.1.10(rw,sync,no_subtree_check)
/media/nfs_child20	192.168.1.20(rw,sync,no_subtree_check)

Then, perhaps make a symbolic links to nfs_child10/20 under nfs_root?

supermario18b · 09-19-2020, 02:11 AM

Quote:

Originally Posted by dc.901

Working on RHEL7 and CentOS7, I do not see need for "nfs_root" like you have

I followed the instructions on wiki.archlinux.org/NFS

By the way I tried like you said. It works without "nfs_root" and the fsid=0 option.
Here is the working configuration:

Code:

/media/nfs_child10		192.168.1.10(rw,sync,no_subtree_check)
/media/nfs_child20		192.168.1.20(rw,sync,no_subtree_check)

Thanks dc.901. I mark the thread as solved

Edit: Now as expected the ip 10 can only access the directory /media/nfs_child10 and the ip 20 can only access the directory /media/nfs_child20

ondoho · 09-19-2020, 02:53 AM

Quote:

Originally Posted by supermario18b

I followed the instructions on wiki.archlinux.org/NFS

I followed the same instructions, but I do not have a '*' in the first line - it lists the same IPs as for the subfolders:

Code:

/srv/nfs       n.n.n.0/24(rw,async,fsid=root,crossmnt,subtree_check)
/srv/nfs/html n.n.n.0/24(rw,async,no_subtree_check)
/srv/nfs/mus n.n.n.0/24(rw,async,no_subtree_check)

I forgot the logic of it all, but it works.

supermario18b · 09-19-2020, 03:18 AM

What ondoho posted works but it's about to limit the access of the two folders by IP. In the example would be:

Code:

/srv/nfs       n.n.n.0/24(rw,async,fsid=root,crossmnt,subtree_check)
/srv/nfs/html n.n.n.10/32(rw,async,no_subtree_check)
/srv/nfs/mus n.n.n.20/32(rw,async,no_subtree_check)

According this configuration I expected that the ip 10 can only access the "html" directory and that the ip 20 can only access the mus directory.
The problem is both can access "html" and "mus". Probably because the nfs-root directory "nfs" allows the whole network.

ondoho · 09-19-2020, 03:47 AM

Sorry, I should've understood that.
I wonder if you can simply comment out / remove the first line?

supermario18b · 09-19-2020, 04:23 AM

Nothing to be sorry about

Without the first line it works. It's the solution posted above (without the "nfs-root").