Occassional "permission denied" in the middle of a large
transfer over NFS
Andrey Simonenko
simon at comsys.ntu-kpi.kiev.ua
Mon Jul 9 09:50:18 UTC 2012
On Sun, Jul 08, 2012 at 07:48:11PM -0400, Rick Macklem wrote:
>
> > Replying to myself just as a record, I have tried nfse and I didnt get
> > the permission denied at all.
> > The only issue I had with it is that it strictly adheres to the syntax
> > in exports(5) while mountd is a little more flexible.
> >
> > I had
> > /usr/local/export -alldirs -maproot=root 85.xx.xx.xx
> >
> > /usr is the root of that filesystem
> >
> > mountd - allowed this but actually silently exports /usr (and all dirs
> > below)
> >
> Not exactly correct. mountd exports the entire file system in the kernel
> for the NFS server, since exports can only be attached to the mount points
> in the kernel. However, when the client's mount protocol requests a mount
> file handle for anything other than /usr/local/export, it will refuse that.
> (Which means that to mount anything other than /usr/local/export, the client
> must maliciously "guess" the file handle for mounting.)
>
> Put another way, a "non-malicious" NFSv3 client will only be able to mount
> /usr/local/export. Robert Watson calls this an "administrative control" and
> feels that it is necessary.
According to the exports(5) manual page and this example (/usr is the mount
point and the -alldir option is given), this example means the following:
"export /usr/local/export only if it is or will be a mount point and
administratively export all subdirectories under it for NFSv2/3 clients".
Good description of the -alldirs option is given in the EXAMPLES section
from exports(5) in paragraph about "/cdrom -alldirs".
More information about the freebsd-current
mailing list