Hi all,

I'm trying to restrict NFS write access to a single host outside my net, while allowing rw access to my local clients. Docs say I can export a filesystem read-mostly by providing the rw client list using client names or network name.

I can't list all the local clients in the /etc/exports file, but using the network name syntax I can tell NFS that I want my network to be allowed RW and all the others should get RO.

I've built my /etc/networks file, but the exportfs command does not accept this setting.

Has anyone ever tried this successfully?

Server is AIX 4.3 but 5.1 behaves the same.

rw = Client [:Client]
    Exports the directory with read-write permission to the machines specified by the Client parameter and read-only to all others. The Client parameter can be either the host name or the network name. If a rw host name is not specified, the directory is exported with read-write permission to all.

--
Alberto 'JCN-9000' Varesio AKA BlueRider
AIX pSeries System Admin
Datavision PLM - Tel: +393351811324
Biker on HONDA CB500 - LHG
http://www.datavisionplm.com
Jeeper on Sport TJ - Wave
4U2Read: http://www.georgedillon.com/web/security.shtml
==
Knowledge is what you have left over after you forget what you were taught.
We use this based on subdomain names ... so if your local boxes are all in the same subnet domain..

This is the /etc/exports entry:

/exported_fs -access=*.oursubdomain.ourdomain.com

Not sure that's gonna help....

Cheers
Mark Taylor
Mark Taylor wrote:
> we use this based on subdomain names ... so if your local boxes are
> all in the same subnet domain..
>
> This is the /etc/exports entry
>
> /exported_fs -access=*.oursubdomain.ourdomain.com

-access works if you want to limit mount access, I need to limit write access.

--
Alberto 'JCN-9000' Varesio
Alberto 'JCN-9000' Varesio wrote:
>
> Hi all,
> I'm trying to restrict NFS write access to a single host outside my net,
> while allowing rw access to my local clients.
> Docs say I can export a filesystem read-mostly by providing the rw client
> list using client names or network name.
>
> I can't list all the local clients in the /etc/exports file, but using
> the network name syntax I can tell NFS that I want my network to be
> allowed RW and all the others should get RO.
>
> I've built my /etc/networks file, but the exportfs command does not
> accept this setting.
>
> Has anyone ever tried this successfully?
>
> Server is AIX 4.3 but 5.1 behaves the same.
>
> rw = Client [:Client]
>     Exports the directory with read-write
> permission to the machines specified by the Client parameter and
> read-only to all others. The Client parameter can be either the host
> name or the network name. If a rw host name is not specified, the
> directory is exported with read-write permission to all.

In 5.2 it is possible to export a directory read-mostly, and then give a hostname list of machines with write access. Haven't tried it.

--
Erlo
-----
Remove underscores from mail address.
The statements and opinions are mine and do not necessarily reflect those of my employers
Erlo Haugen wrote:
> Alberto 'JCN-9000' Varesio wrote:
>
>> Hi all,
>> I'm trying to restrict NFS write access to a single host outside my
>> net, while allowing rw access to my local clients.
>
> In 5.2 it is possible to export a directory read-mostly, and then give
> a hostname list of machines with write access. Haven't tried it.

It's been available for a long time, 4.3 has it, but the client list is too long, not practical, ...

Looking at 5.3 documentation and extrapolating I've got an undocumented solution: write-mostly! Just the opposite of what you are saying.

/home -ro=client,rw

gives write access to the world, read-only to the listed client.

Works on 4.3 and up.

--
Alberto 'JCN-9000' Varesio
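An added example, not written by any of the thread participants: a shell/awk check that classifies AIX-style /etc/exports lines by who ends up with write access, using only the options quoted in this thread. The function names, output format and sample host names are assumptions, and the write-mostly case follows the behaviour reported in the last post rather than documented semantics.

```shell
#!/bin/sh
# Added example: classify AIX-style /etc/exports lines by who can write.
# Interprets only the options quoted in this thread: ro, rw, rw=, ro=, access=.
# Output per export: dir|mode|writers|mounters|flag

classify_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                        # skip comments and blank lines
    {
        dir = $1; opts = ""
        for (i = 2; i <= NF; i++) opts = opts $i   # tolerate spaces inside the option list
        sub(/^-/, "", opts)
        n = split(opts, o, ",")
        rw = ""; ro = ""; acc = ""; bare_ro = 0; bare_rw = 0
        for (i = 1; i <= n; i++) {
            if      (o[i] ~ /^rw=/)     rw  = substr(o[i], 4)
            else if (o[i] ~ /^ro=/)     ro  = substr(o[i], 4)
            else if (o[i] ~ /^access=/) acc = substr(o[i], 8)
            else if (o[i] == "ro")      bare_ro = 1
            else if (o[i] == "rw")      bare_rw = 1
        }
        if (bare_ro)                  { mode = "read-only";    writers = "none" }
        else if (rw != "")            { mode = "read-mostly";  writers = rw }
        else if (ro != "" && bare_rw) { mode = "write-mostly"; writers = "all-except:" ro }
        else if (ro != "")            { mode = "unclassified"; writers = "unknown" }
        else                          { mode = "read-write";   writers = "all" }
        mounters = (acc != "") ? acc : "any"
        # Flag exports where hosts that are not named anywhere can still write.
        flag = (writers ~ /^all/ && acc == "") ? "WORLD-WRITABLE" : "ok"
        print dir "|" mode "|" writers "|" mounters "|" flag
    }'
}

# Constructed sample: the three export styles discussed in the thread.
sample_exports() {
    cat <<'EOF'
# constructed sample, host and domain names are placeholders
/exported_fs -access=*.oursubdomain.ourdomain.com
/data -rw=hosta:hostb
/home -ro=client,rw
EOF
}

# Run the check over the sample; on a server, feed it /etc/exports instead.
sample_exports | classify_exports
```

The write-mostly line is the only one flagged, because it leaves every host except the listed client able to write and carries no access= list to limit who can mount.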