[clue] NFSv3 vs NFSv4
David L. Willson
DLWillson at TheGeek.NU
Fri Aug 16 17:47:39 MDT 2013
How do you give users rw access to a sub-directory without giving access to all the parent and sibling directories?
For example: Let's say that I have a path /fs/priv1/priv2/public, and I want users to have read access to /fs, little or no access to priv1 and priv2, but full access to public.
With NFSv3, I share it like this:
/fs *(ro)
/fs/priv1/priv2/public *(rw)
chmod it like this:
chmod 000 /fs/priv1 /fs/priv1/priv2
chmod 777 /fs/priv1/priv2/public
and then mount or automount both exports, and I'm done. Everything works as expected. The /fs tree is all read, and the /fs/priv1/priv2/public sub-tree is all write.
But with NFSv4, that seems not to be the case... I can't get the sub-directory to be write-able, even if I don't mount the parent. These are the relevant lines from exports:
bob@s2:~$ cat /etc/exports
<snip>
/tmp *(ro,fsid=0,no_subtree_check)
/tmp/priv1/priv2/public *(rw,no_subtree_check)
Suggestions?
I just tested and if I mount the export with NFSv3, I can write to it. If I mount it with NFSv4, I can't. Same server, directory, export, client, and mount-point. Just NFSv4 versus NFSv3.
bob@s1:~$ sudo mount s2:/tmp/priv1/priv2/public /mnt
bob@s1:~$ ls /mnt
dingo
bob@s1:~$ touch /mnt/{bob,chun,larry}
bob@s1:~$ sudo umount /mnt
bob@s1:~$ sudo mount -t nfs4 s2:/tmp/priv1/priv2/public /mnt
mount.nfs4: mounting s2:/tmp/priv1/priv2/public failed, reason given by server: No such file or directory
bob@s1:~$ sudo mount -t nfs4 s2:/priv1/priv2/public /mnt
bob@s1:~$ touch /mnt/{dan,earl}
touch: cannot touch `/mnt/dan': Read-only file system
touch: cannot touch `/mnt/earl': Read-only file system
--
David L. Willson
Teacher, Engineer, Evangelist
RHCE+Satellite CCAH Network+ A+ Linux+ LPIC-1 UbuntuCP NovellCLA
Mobile 720-333-LANS(5267)
This is a good time for a r3VOLution.
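
An added example, not part of the original post: a Python sketch that reads export lines like the ones quoted above, computes the path a client has to name over NFSv4 (relative to the fsid=0 export, which is why s2:/tmp/priv1/priv2/public was not found while s2:/priv1/priv2/public mounted), and lists nested exports whose ro/rw mode differs from the enclosing export. The function names are hypothetical, and it assumes unquoted paths and client specs written with parentheses.

```python
import posixpath
import re

# Constructed sample: the two export lines quoted in the post.
SAMPLE_EXPORTS = """\
/tmp *(ro,fsid=0,no_subtree_check)
/tmp/priv1/priv2/public *(rw,no_subtree_check)
"""
CLIENT_RE = re.compile(r"(\S*?)\(([^)]*)\)")  # client(opt,opt,...)


def parse_exports(text):
    """Return (path, client, options) tuples, one per client spec."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("/"):
            continue  # blank lines, comments, placeholders such as <snip>
        parts = line.split(None, 1)
        for client, opts in CLIENT_RE.findall(parts[1] if len(parts) > 1 else ""):
            entries.append((posixpath.normpath(parts[0]), client or "*", set(opts.split(","))))
    return entries


def v4_path(path, entries):
    """Path a client names over NFSv4: relative to the fsid=0 export."""
    roots = [p for p, _, o in entries if o & {"fsid=0", "fsid=root"}]
    if not roots:
        return path  # assumption: without fsid=0 the v4 path equals the v3 path
    if path == roots[0]:
        return "/"
    if not path.startswith(roots[0].rstrip("/") + "/"):
        return None  # not under the pseudo-root, so no v4 path relative to it
    return "/" + posixpath.relpath(path, roots[0])


def nested_mode_mismatches(entries):
    """List exports nested in another export that has a different ro/rw mode."""
    def mode(opts):
        return "rw" if "rw" in opts else "ro"  # exports(5) defaults to ro
    found = []
    for child, c_client, c_opts in entries:
        for parent, p_client, p_opts in entries:
            nested = child.startswith(parent.rstrip("/") + "/")
            if nested and c_client == p_client and mode(c_opts) != mode(p_opts):
                found.append((child, v4_path(child, entries), mode(c_opts),
                              parent, mode(p_opts)))
    return found
```

For the sample, nested_mode_mismatches(parse_exports(SAMPLE_EXPORTS)) returns one entry: the rw export /tmp/priv1/priv2/public nested in the ro export /tmp, with /priv1/priv2/public as its NFSv4 path.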