Can anyone help me on the following problem:
In order to take away nfs write permissions instantly for a previously
mounted
nfs directory called '/data', I'm changing the export options for '/data'
on the server to 'ro', while keeping the mount on the client.
exportfs -io ro,sync,wdelay,no_root_squash nfsclient:/data
exportfs -v
/data nfsserver(ro,wdelay,no_root_squash)
Surprisingly the client can still write to /data at this point, unless I do
umount/mount of /data.
Is this the way it's suposed to work?
Changing the nfs export options on a SunOS 5.6 while clients have mounted
a nfs path, write permissions are instantly taken away from it.
share -F nfs -o ro,root=nfsclient /data
In both cases I used the following nfs mount options:
mount -o rw,sync,nfsvers=3,wsize=32768,rsize=32768
Thanks!
- Rene
-------------------------------------------------------
Bringing you mounds of caffeinated joy
>>> http://thinkgeek.com/sf <<<
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
Did you run exportfs -r after you changed exports?
Stu
Kapeller Rene PSI wrote:
> Can anyone help me on the following problem:
>
> In order to take away nfs write permissions instantly for a previously
> mounted
> nfs directory called '/data', I'm changing the export options for '/data'
> on the server to 'ro', while keeping the mount on the client.
>
> exportfs -io ro,sync,wdelay,no_root_squash nfsclient:/data
>
> exportfs -v
> /data nfsserver(ro,wdelay,no_root_squash)
>
> Surprisingly the client can still write to /data at this point, unless I do
> umount/mount of /data.
>
> Is this the way it's suposed to work?
>
> Changing the nfs export options on a SunOS 5.6 while clients have mounted
> a nfs path, write permissions are instantly taken away from it.
>
> share -F nfs -o ro,root=nfsclient /data
>
> In both cases I used the following nfs mount options:
> mount -o rw,sync,nfsvers=3,wsize=32768,rsize=32768
>
> Thanks!
> - Rene
>
>
>
>
> -------------------------------------------------------
> Bringing you mounds of caffeinated joy
> >>> http://thinkgeek.com/sf <<<
>
> _______________________________________________
> NFS maillist - [email protected]
> https://lists.sourceforge.net/lists/listinfo/nfs
-------------------------------------------------------
Bringing you mounds of caffeinated joy
>>> http://thinkgeek.com/sf <<<
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
exportfs -r did not help either!
(Since I do not fully understand the difference between exportfs -a and
exportfs -r, I usually do both.)
Btw, I'm using RedHat-7.3 (nfs-utils-0.3.3) on the Linux side.
Rene
Stuart Sheldon wrote:
> Did you run exportfs -r after you changed exports?
>
> Stu
>
>
> Kapeller Rene PSI wrote:
>
>> Can anyone help me on the following problem:
>>
>> In order to take away nfs write permissions instantly for a previously
>> mounted
>> nfs directory called '/data', I'm changing the export options for '/data'
>> on the server to 'ro', while keeping the mount on the client.
>>
>> exportfs -io ro,sync,wdelay,no_root_squash nfsclient:/data
>>
>> exportfs -v
>> /data nfsserver(ro,wdelay,no_root_squash)
>>
>> Surprisingly the client can still write to /data at this point, unless
>> I do
>> umount/mount of /data.
>>
>> Is this the way it's suposed to work?
>>
>> Changing the nfs export options on a SunOS 5.6 while clients have
>> mounted
>> a nfs path, write permissions are instantly taken away from it.
>>
>> share -F nfs -o ro,root=nfsclient /data
>>
>> In both cases I used the following nfs mount options:
>> mount -o rw,sync,nfsvers=3,wsize=32768,rsize=32768
>>
>> Thanks!
>> - Rene
>>
>>
>>
>>
>> -------------------------------------------------------
>> Bringing you mounds of caffeinated joy
>> >>> http://thinkgeek.com/sf <<<
>>
>> _______________________________________________
>> NFS maillist - [email protected]
>> https://lists.sourceforge.net/lists/listinfo/nfs
>
>
-------------------------------------------------------
Bringing you mounds of caffeinated joy
>>> http://thinkgeek.com/sf <<<
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
Hi -
Since the mount has taken place, I wouldn't expect that
modifying the export would change things, unless you
also modified the file system on the server in order to
prevent write accesses from taking place at all. Even then,
it wouldn't necessarily take place instantly due to caches
on the client, in PV2. It would probably be much faster
in PV3, since you'd see the attribute change after the
next transaction, but it still wouldn't be instantaneous.
I don't know if there is a way to do what you want to do.
(This is my instant reaction, so take it with the standard
grain of salt...)
Tom
Kapeller Rene PSI wrote:
>
> exportfs -r did not help either!
> (Since I do not fully understand the difference between exportfs -a and
> exportfs -r, I usually do both.)
>
> Btw, I'm using RedHat-7.3 (nfs-utils-0.3.3) on the Linux side.
>
> Rene
>
> Stuart Sheldon wrote:
> > Did you run exportfs -r after you changed exports?
> >
> > Stu
> >
> >
> > Kapeller Rene PSI wrote:
> >
> >> Can anyone help me on the following problem:
> >>
> >> In order to take away nfs write permissions instantly for a previously
> >> mounted
> >> nfs directory called '/data', I'm changing the export options for '/data'
> >> on the server to 'ro', while keeping the mount on the client.
> >>
> >> exportfs -io ro,sync,wdelay,no_root_squash nfsclient:/data
> >>
> >> exportfs -v
> >> /data nfsserver(ro,wdelay,no_root_squash)
> >>
> >> Surprisingly the client can still write to /data at this point, unless
> >> I do
> >> umount/mount of /data.
> >>
> >> Is this the way it's suposed to work?
> >>
> >> Changing the nfs export options on a SunOS 5.6 while clients have
> >> mounted
> >> a nfs path, write permissions are instantly taken away from it.
> >>
> >> share -F nfs -o ro,root=nfsclient /data
> >>
> >> In both cases I used the following nfs mount options:
> >> mount -o rw,sync,nfsvers=3,wsize=32768,rsize=32768
> >>
> >> Thanks!
> >> - Rene
--
------------------------------------------------------------
Tom McNeal [email protected] (650)906-0761 (cell)
------------------------------------------------------------
-------------------------------------------------------
Bringing you mounds of caffeinated joy
>>> http://thinkgeek.com/sf <<<
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
On Thursday June 20, [email protected] wrote:
> Can anyone help me on the following problem:
>
> In order to take away nfs write permissions instantly for a previously
> mounted
> nfs directory called '/data', I'm changing the export options for '/data'
> on the server to 'ro', while keeping the mount on the client.
>
> exportfs -io ro,sync,wdelay,no_root_squash nfsclient:/data
^^^^^^^^^
>
> exportfs -v
> /data nfsserver(ro,wdelay,no_root_squash)
^^^^^^^^^
Presumably both should read "nfsclient" - yes?
This should work.
What version of nfs-utils are you using?? (showmount -v)
What does /proc/fs/nfs/exports say for nfsclient after you try to
re-export it?
Can you give more details? What is in /etc/exports that relates to
the client (is it a wildcard export, a netgroup export...)..
NeilBrown
-------------------------------------------------------
Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
Neil Brown wrote:
> On Thursday June 20, [email protected] wrote:
>
>>Can anyone help me on the following problem:
>>
>>In order to take away nfs write permissions instantly for a previously
>>mounted
>>nfs directory called '/data', I'm changing the export options for '/data'
>>on the server to 'ro', while keeping the mount on the client.
>>
>>exportfs -io ro,sync,wdelay,no_root_squash nfsclient:/data
>
> ^^^^^^^^^
>
>>exportfs -v
>>/data nfsserver(ro,wdelay,no_root_squash)
>
> ^^^^^^^^^
>
> Presumably both should read "nfsclient" - yes?
>
> This should work.
>
> What version of nfs-utils are you using?? (showmount -v)
>
> What does /proc/fs/nfs/exports say for nfsclient after you try to
> re-export it?
>
> Can you give more details? What is in /etc/exports that relates to
> the client (is it a wildcard export, a netgroup export...)..
>
> NeilBrown
To be precise, the entry in the /etc/exports looks like this:
/data2 172.19.0.0/255.255.0.0(ro,sync,no_root_squash)
exportfs -v
/data2 172.19.0.0/255.255.0.0(ro,wdelay,no_root_squash)
cat /proc/fs/nfs/exports
/data2
pc3691.slspn.psi.ch(rw,no_root_squash,sync,wdelay) # 172.19.84.51
Ooops ...!
I'm using RedHat-7.3 on the server and on the client (nfs-utils-0.3.3-5)
Rene
-------------------------------------------------------
Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
On Friday June 21, [email protected] wrote:
>
>
> To be precise, the entry in the /etc/exports looks like this:
> /data2 172.19.0.0/255.255.0.0(ro,sync,no_root_squash)
>
> exportfs -v
> /data2 172.19.0.0/255.255.0.0(ro,wdelay,no_root_squash)
>
> cat /proc/fs/nfs/exports
> /data2
> pc3691.slspn.psi.ch(rw,no_root_squash,sync,wdelay) # 172.19.84.51
>
> Ooops ...!
>
> I'm using RedHat-7.3 on the server and on the client (nfs-utils-0.3.3-5)
>
> Rene
>
I've just tried that version of nfs-utils and it seems to do the right
thing.
I can either:
edit /etc/exports, and run "exportfs -r"
or run
exportfs -io new,option,list hostname:/directory
and it will set the options properly.
Maybe a little explanation of how it all works will help:
/etc/exports contains information about how file systems should
normally be exported. This is only read by exportfs.
/var/lib/nfs/etab contains information about what filesystems should
be exported to whom at the moment.
/var/lib/nfs/rmtab contains a list of which filesystems actually are
mounted by certain clients at the moment.
/proc/fs/nfs/exports contains information about what filesystems are
exported to actual client (individual, not subnet or whatever)
at the moment.
/var/lib/nfs/xtab is the same information as /proc/fs/nfs/exports but
is maintained by nfs-utils instead of directly by the kernel. It
is only used if /proc isn't mounted.
When a mount request arrives, mountd check .../etab to see if that
host is allowed access. If it is, an entry is placed in .../rmtab and
the filesystem is exported thus creating an entry in
/proc/fs/nfs/exports.
When you run
exportfs -io options host:/dir
then the entry in ../etab is changed, or a new one is added.
If it is a subnet/wildcard/netgroup entry, then every line in ../rmtab
is checked to see if it matches. When a match is found, a
host-specific entry is given to (or changed in) the kernel.
When you run
exportfs -a
it makes sure that all entries in /etc/exports are properly reflected
in .../etab. Any extra entries in etab are left alone. Once the
correct content of etab has been determined, rmtab is examine to
create a list of specific-host entries for any new entries in etab.
This host-specific entries are given to the kernel.
When you run
exportfs -r
it ignores the prior contents of .../etab and initialises etab to the
contents of /etc/exportfs. Then it inspects rmtab and make an changes
to /proc/fs/nfs/export that are necessary.
In general, the safest thing to do is edit /etc/exports and run
exportfs -r
If this leaves you will /proc/fs/nfs/exports containing something that
you didn't expect, please show me the details (exportfs,etab,rmtab)
and I will look again.
NeilBrown
-------------------------------------------------------
Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
Hi,
thanks for these detailed information, could you please put this on the faq
site?
Thanks,
Bernd
-------------------------------------------------------
Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
Done. BTW, there was a request a while ago to have the FAQ
pay a little more attention to client vs. server related
questions; I still mean to address that, but thought I'd
wait until the latest NFS utils package is released. I'll
need to update things a little bit anyway when that happens.
Tom
Bernd Schubert wrote:
>
> Hi,
>
> thanks for these detailed information, could you please put this on the faq
> site?
>
> Thanks,
>
> Bernd
>
> -------------------------------------------------------
> Sponsored by:
> ThinkGeek at http://www.ThinkGeek.com/
> _______________________________________________
> NFS maillist - [email protected]
> https://lists.sourceforge.net/lists/listinfo/nfs
--
------------------------------------------------------------
Tom McNeal [email protected] (650)906-0761 (cell)
------------------------------------------------------------
-------------------------------------------------------
Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs