[clue] NFSv3 vs NFSv4

David L. Willson DLWillson at TheGeek.NU
Fri Aug 16 17:47:39 MDT 2013


How do you give users rw access to a sub-directory without giving access to all the parent and sibling directories? 

For example: Let's say that I have a path /fs/priv1/priv2/public, and I want users to have read access to /fs, little or no access to priv1 and priv2, but full access to public. 

With NFSv3, I share it like this: 
/fs *(ro) 
/fs/priv1/priv2/public *(rw) 

chmod it like this: 
chmod 000 /fs/priv1 /fs/priv1/priv2 
chmod 777 /fs/priv1/priv2/public 

and then mount or automount both exports, and I'm done. Everything works as expected. The /fs tree is all read, and the /fs/priv1/priv2/public sub-tree is all write. 

But with NFSv4, that seems not to be the case... I can't get the sub-directory to be writable, even if I don't mount the parent. These are the relevant lines from exports: 
bob@s2:~$ cat /etc/exports 
<snip> 
/tmp *(ro,fsid=0,no_subtree_check) 
/tmp/priv1/priv2/public *(rw,no_subtree_check) 

Suggestions? 

I just tested and if I mount the export with NFSv3, I can write to it. If I mount it with NFSv4, I can't. Same server, directory, export, client, and mount-point. Just NFSv4 versus NFSv3. 

bob@s1:~$ sudo mount s2:/tmp/priv1/priv2/public /mnt 
bob@s1:~$ ls /mnt 
dingo 
bob@s1:~$ touch /mnt/{bob,chun,larry} 
bob@s1:~$ sudo umount /mnt 
bob@s1:~$ sudo mount -t nfs4 s2:/tmp/priv1/priv2/public /mnt 
mount.nfs4: mounting s2:/tmp/priv1/priv2/public failed, reason given by server: No such file or directory 
bob@s1:~$ sudo mount -t nfs4 s2:/priv1/priv2/public /mnt 
bob@s1:~$ touch /mnt/{dan,earl} 
touch: cannot touch `/mnt/dan': Read-only file system 
touch: cannot touch `/mnt/earl': Read-only file system 

--
David L. Willson
Teacher, Engineer, Evangelist
RHCE+Satellite CCAH Network+ A+ Linux+ LPIC-1 UbuntuCP NovellCLA
Mobile 720-333-LANS(5267)

This is a good time for a r3VOLution.
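
Added example, not part of the original message: a Python sketch that reads the two export lines quoted above and computes the path an NFSv4 client has to request for each one. That path is relative to the fsid=0 export, which is why s2:/tmp/priv1/priv2/public is rejected and s2:/priv1/priv2/public mounts. The function names are hypothetical, the parser handles only the simple "path client(options)" form, and the pseudo-root fallback to "/" is an assumption about servers with no fsid=0 export.

```python
import posixpath

# Constructed sample: the two export lines quoted in the message above.
EXPORTS = """\
/tmp *(ro,fsid=0,no_subtree_check)
/tmp/priv1/priv2/public *(rw,no_subtree_check)
"""

def parse_exports(text):
    """Return (path, client, options) tuples from exports(5)-style text."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            client, _, opts = spec.partition("(")
            options = {o for o in opts.rstrip(")").split(",") if o}
            entries.append((path, client or "*", options))
    return entries

def v4_paths(entries):
    """Map each exported directory to the path an NFSv4 client must request."""
    roots = [p for p, _, o in entries if o & {"fsid=0", "fsid=root"}]
    # Assumption: with no fsid=0 export the server's pseudo-root is "/".
    root = roots[0] if roots else "/"
    mapping = {}
    for path, _, _ in entries:
        rel = posixpath.relpath(path, root)
        if rel == ".." or rel.startswith("../"):
            mapping[path] = None                  # not reachable under the v4 root
        else:
            mapping[path] = "/" if rel == "." else "/" + rel
    return mapping

def wildcard_rw(entries):
    """Exports writable by any host: worth reviewing before widening access."""
    return [p for p, c, o in entries if c == "*" and "rw" in o]

if __name__ == "__main__":
    entries = parse_exports(EXPORTS)
    for real, v4 in v4_paths(entries).items():
        print(f"{real:28} -> NFSv4 path: {v4}")
    print("rw to any host:", wildcard_rw(entries))
```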

