On Fri, 30 Apr 1999 tkaczma@gryf.net wrote:
On Thu, 29 Apr 1999, Bryan Hess wrote:
It doesn't export root privs to all, but just exporting read/write to all machines is scary enough.
So what's your beef? _You_ told it to export to everyone read/write with one machine having root access permissions. If that wasn't what you wanted then you should have stated so with rw, ro, or access.
My sirloin (au jus) is that the admin manual seems to suggest that setting up the exports file in this crazy way is an acceptable configuration. I guess that's more or less where this thread started. No big deal...
On the other hand, I have several little gripes about the NFS implementation these days:
This doesn't work in exports (everthing is read-only): /somevol -ro,access=netgroup1:netgroup2
but this does (anyone mounts read-only except read-write for those listed in the rw list): /somevol -ro,rw=host1:host2:host3
I should either be able to use -rw with netgroups, or I should be able to mix -ro and -access.
Even more odd is that netgroups nested 3 deep or more will trigger a bug making all mounts succeed, regardless of the access list, regardless of what "showmount -e" or "exportfs" reveals. That is, a netgroup pointing to a netgroup, pointing to a negroup, pointing to a host. Have you checked to see if you can mount things you shouldn't be able to recently? It can be surprising. I flattened out a few netgroups recently...
--Bryan