nested zfs datasets and NFS4

Rick Macklem rmacklem at uoguelph.ca
Tue Aug 18 15:57:21 UTC 2020 

Julien Cigar wrote:
>On Tue, Aug 18, 2020 at 09:19:45AM -0400, Allan Jude wrote:
>> On 2020-08-18 05:16, Julien Cigar wrote:
>> > Hello,
>> >
>> > With the following configuration (1) I don't understand why do I have
>> > access to /usr/jails/j_www1/filer/webapps/phegea as it is not mounted..?
>> > I thought that with nested ZFS datasets each dataset should be exported
>> > and mounted explicitely ..
>> >
>> > (1): https://gist.githubusercontent.com/silenius/2f4e1418d77074d610996b0977776f18/raw/2cb2e5d0bb7ebd9c8e69d6c14245c41051c11bf5/gistfile1.txt
>> >
>> > any idea?
>> >
>> > Thanks,
>> > Julien
>> >
>> >
>>
>> Are you using NFSv3 or v4 on the client?
>
>v4 only
>
>>
>> With v4, you can cross mount boundries with a single nfs mount. This is
>> very useful for things like NFS mounting homedirs, as you can mount just
>> home and have access to each user's personal dataset with out 100s of
>> separate mounts on the client.
If you don't want the NFSv4 server to cross server mount points, you can set:
vfs.nfsd.mirrormnt=0
(The name isn't very intuitive, but it is what Linux used.)

>interesting, I thought it was the opposite. I guess that /etc/exports is
>still taken into account when I'd like to mount a nested dataset as
>read only for example?
If there is no entry in /etc/exports for the file system, the mount point
would be visible (assuming vfs.nfsd.mirrormnt=1), but no access to the
files should be allowed.

*** The above should have said "...for that client for the file system...".

>>
>> If you want a child dataset NOT to be reachable, 'zfs set sharenfs=off
>> dataset', and it will not be reachable via NFSv4
>>
>
>I don't use sharenfs (I prefer /etc/exports), and it is off by default:
>
>filer1% zfs get sharenfs data/webapps data/webapps/phegea
>NAME                 PROPERTY  VALUE     SOURCE
>data/webapps         sharenfs  off       default
>data/webapps/phegea  sharenfs  off       default
>
>(the reason why I'm not using "sharenfs" is that it was impossible in
>the past (don't know if it's still the case) to have multiple export
>lines for the same dataset, so it was impossible to export a dataset rw
>for somehost and ro for anotherhost)

rick

> --
> Allan Jude
>




--
Julien Cigar
Belgian Biodiversity Platform (http://www.biodiversity.be)
PGP fingerprint: EEF9 F697 4B68 D275 7B11  6A25 B2BB 3710 A204 23C0
No trees were killed in the creation of this message.
However, many electrons were terribly inconvenienced.
_______________________________________________
freebsd-fs at freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-fs
To unsubscribe, send any mail to "freebsd-fs-unsubscribe at freebsd.org"

_______________________________________________
freebsd-fs at freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-fs
To unsubscribe, send any mail to "freebsd-fs-unsubscribe at freebsd.org"

More information about the freebsd-fs mailing list