SEO
vBulletin Search Engine Optimization
| |||||||
| Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
04-24-2008, 04:38 PM
| ||||
| ||||
 NFS: directory rw for subset of servers, ro for all others I'm trying to do this "simple" thing: - Directory /export/rw is exported with read-write for a subset of servers (server1, server2, server3) - The same directory needs to be Read-Only for all servers, including server1, server2, server3 (more than 200 servers in read-only) You cannot export the same directory twice. What I did: ln -s /export/rw /export/ro and then I exported the /export/ro as read-only. Many tests later, I found that only server1, server2 and server3 can mount /export/ro!!! It is as if AIX export only the "real" directory, no matter on many links I put. Any ideas, any suggestions? What I really want to do: permit only a subset of server to write to this directory, but any server can read it. This space will contain "configuration files", and I want to be sure that only the servers I control can write to this directory. I don't care if any servers, or linux workstation, or Windows with Unix services access it to read the content. Thanks. AIX 5.3.3, TL5 SP4, jfs2      |
|
04-24-2008, 04:38 PM
| |||
| |||
| Re: NFS: directory rw for subset of servers, ro for all others On Apr 23, 10:33 pm, estienne <ste...@gmail.com> wrote: > I'm trying to do this "simple" thing: > > - Directory /export/rw is exported with read-write for a subset of > servers (server1, server2, server3) That the solution in case you are using the option -o rw=clien1:.... > - The same directory needs to be Read-Only for all servers, including > server1, server2, server3 (more than 200 servers in read-only) > > You cannot export the same directory twice. What I did: Not quite correct. You can not export the same directory with the same NFS version > > ln -s /export/rw /export/ro ? > > and then I exported the /export/ro as read-only. Many tests later, I > found that only server1, server2 and server3 can mount /export/ro!!! > It is as if AIX export only the "real" directory, no matter on many > links I put. > > Any ideas, any suggestions? > > What I really want to do: permit only a subset of server to write to > this directory, but any server can read it. This space will contain > "configuration files", and I want to be sure that only the servers I > control can write to this directory. I don't care if any servers, or > linux workstation, or Windows with Unix services access it to read the > content. > > Thanks. > > AIX 5.3.3, TL5 SP4, jfs2 Short: man exportfs ...... -o rw=Client1:Client2:clientN # Also other nodes have only ro access. Also beware of security limitations with NFS v2/v3 regarding hostname/ ip take over. A secure approach would be to export ro with NFS v3 and rw with NFS v4/ dce as mentioned in the example section of the man page for exportfs You should read also Securing NFS in AIX An Introduction to NFS v4 in AIX 5L Version 5.3 http://www.redbooks.ibm.com/Redbooks.../SG247204.html hth Hajo |
|
04-24-2008, 04:38 PM
| ||||
| ||||
| Re: NFS: directory rw for subset of servers, ro for all others estienne wrote: > I'm trying to do this "simple" thing: > > - Directory /export/rw is exported with read-write for a subset of > servers (server1, server2, server3) > - The same directory needs to be Read-Only for all servers, including > server1, server2, server3 (more than 200 servers in read-only) Check the smit nfs screens. The option is read-mostly |
Linear Mode
