On Apr 23, 10:33 pm, estienne <ste...@gmail.com> wrote:
> I'm trying to do this "simple" thing:
>
> - Directory /export/rw is exported with read-write for a subset of
> servers (server1, server2, server3)
That is the solution in case you are using the option -o rw=client1:....
> - The same directory needs to be Read-Only for all servers, including
> server1, server2, server3 (more than 200 servers in read-only)
>
> You cannot export the same directory twice. What I did:
Not quite correct. You cannot export the same directory with the same
NFS version.
>
> ln -s /export/rw /export/ro
?
>
> and then I exported the /export/ro as read-only. Many tests later, I
> found that only server1, server2 and server3 can mount /export/ro!!!
> It is as if AIX exports only the "real" directory, no matter how many
> links I put.
>
> Any ideas, any suggestions?
>
> What I really want to do: permit only a subset of servers to write to
> this directory, but any server can read it. This space will contain
> "configuration files", and I want to be sure that only the servers I
> control can write to this directory. I don't care if any servers, or
> Linux workstation, or Windows with Unix services access it to read the
> content.
>
> Thanks.
>
> AIX 5.3.3, TL5 SP4, jfs2
Short:
man exportfs
...... -o rw=Client1:Client2:clientN # Also other nodes have only ro access.
Also beware of security limitations with NFS v2/v3 regarding hostname/IP
takeover.
A secure approach would be to export ro with NFS v3 and rw with NFS v4/dce,
as mentioned in the example section of the man page for exportfs.
You should also read
Securing NFS in AIX
An Introduction to NFS v4 in AIX 5L Version 5.3
http://www.redbooks.ibm.com/Redbooks.../SG247204.html
hth
Hajo
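
Added example, not part of the original posts: a small audit of an exports file that lists who may write to each exported directory and flags any writer outside an approved set, which is the guarantee the original poster is after. It assumes AIX-style entries of the form "directory -opt[,opt...]" with the ro and rw=host:host options discussed above, ignores access= restrictions, and uses a constructed sample file; the function names and the hostname ws42 are made up.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes AIX-style exports lines:
#   directory -opt[,opt...]   with ro and rw=host:host as discussed above.

# audit_exports FILE: print "dir<TAB>writers"; writers is "none" (ro for all),
# a host list (rw= given), or "ALL" (neither ro nor rw=: any client may write).
audit_exports() {
    awk '
    $1 ~ /^#/ || NF == 0 { next }            # skip comments and blank lines
    {
        opts = $2; sub(/^-/, "", opts)
        n = split(opts, o, ",")
        writers = "ALL"
        for (i = 1; i <= n; i++) if (o[i] == "ro") writers = "none"
        for (i = 1; i <= n; i++) if (o[i] ~ /^rw=/) writers = substr(o[i], 4)
        printf "%s\t%s\n", $1, writers
    }' "$1"
}

# check_writers FILE ALLOWED: report any writer outside the colon-separated
# ALLOWED list; exit status is 1 if something was reported.
check_writers() {
    audit_exports "$1" | awk -F '\t' -v allowed="$2" '
    BEGIN { n = split(allowed, a, ":"); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $2 == "none" { next }
    $2 == "ALL"  { print $1 ": writable by every client"; bad = 1; next }
    {
        m = split($2, h, ":")
        for (i = 1; i <= m; i++)
            if (!(h[i] in ok)) { print $1 ": unexpected writer " h[i]; bad = 1 }
    }
    END { exit bad + 0 }'
}

# Constructed sample file; hostnames other than server1..3 are made up.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed sample, AIX /etc/exports syntax
/export/rw   -rw=server1:server2:server3
/export/docs -ro
/export/tmp
/export/cfg  -rw=server1:ws42
EOF

check_writers "$SAMPLE" server1:server2:server3 || true
```

The check only compares names in the exports file; as the reply notes, NFS v2/v3 trusts the client's hostname/IP, so a clean report does not rule out a host taking over an approved address.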