04-12-2014 07:08 AM
I want to share one of my filesystems via NFS with a Server B. However, I notice that on Server C which is not mentioned DFS tab, I am able to mount the same share in Read Only mode. I was under the impression, the shared filesystem shouldn't be able to be mounted on other Server - other than the one(s) mentioned in the DFS stab. Isn't this serious security violation?
Either I have understood this incorrectly or there is something more to the syntax in the /etc/dfs/dfstab file.
My /etc/dfs/dfstab entry on master server SERVERA
share -F nfs -o root=SERVERB,rw=SERVERB /home/USERA
Why am I able to mount it on a server (SERVERC) that is not mentioned in the Master server’s /etc/dfs/dfstab?
root@SERVERC:# mount SERVERA:/home/USERA /test
root@SERVERC:# bdf -t nfs
Filesystem kbytes used avail %used Mounted on
1048576 39544 1001160 4% /test
Solved! Go to Solution.
04-12-2014 07:49 AM
# man share_nfs
Sharing will be read-mostly to clients in
access_list. Read-mostly means read-write to
those clients specified and read-only for all
other systems. If sec= option is provided,
sharing will be read-write to the clients listed
in access_list; overrides the ro suboption for the
If you want to restrict access to the filesystem to ONLY those clients listed in the rw= list then you need to combine the rw= option with the sec= option. In your case it would look something like this:
share -F nfs -o root=SERVERB,rw=SERVERB,sec=sys /home/USERA
04-12-2014 01:48 PM
You are the man!! sec=sys is just what I was looking for. I tested it out and I am unable to mount it on a server that is not specified in the dfstab file. Thanks for taking the time and getting back to me. I appreciate the help.