[olug] NFS

Tim & Alethea Larson thelarsons3 at cox.net
Wed Jun 4 22:26:57 UTC 2008


Brian Roberson wrote:
> If you have sync'ed up all the UID's client and server, I would definately
> get rid of all that root mangling! I think (fuzzy solaris memory) but it
> defaults to squash root, and best practice is not to trust any remote root
> anyways ;-)
> 
> Just as a quick test, change your dfstab to:
> 
> share -F nfs -o rw=client1,client2,client3 -d "pkgsrc" /usr/pkgsrc
> 
> 
> and mount from the client. do an ls to wherever you mounted it (as a user
> with file permisions on the export) and just try to touch a file (touch
> /some/mount/point/foobar)
> 
> One other thing to note is to ensure name resulitions works 100% (FQDN and
> Reverse) for whatever client's you put in your "rw" list.

After about 8 or 10 attempts, I was able to get it to work with this:

share -F nfs -o rw,root=charliebrown:franklin:shermy:schroeder:olaf -d 
"pkgsrc" /usr/pkgsrc

Since the file perms are 755 root:root I guess I don't necessarily have 
to have it ro to other users.  Since I'm the only root on the allowed 
machines, I think I can trust myself.  :)


Tim
-- 
Tim & Alethea
christtrek.org



More information about the OLUG mailing list