Re: Can NFS Share be mounted on a client that doesnt have any persmission to the share??? (232 Views)
Reply
Regular Advisor
Kennedy G. Doss
Posts: 138
Registered: ‎09-18-2005
Message 1 of 3 (261 Views)
Accepted Solution

Can NFS Share be mounted on a client that doesnt have any persmission to the share???

HP-UX Gurus:

 

I want to share one of my filesystems via NFS with a Server B. However, I notice that on Server C which is not mentioned DFS tab, I am able to mount the same share in Read Only mode. I was under the impression,  the shared  filesystem shouldn't be able to be mounted on other Server - other than the one(s) mentioned in the DFS stab. Isn't this serious security violation?

 

Either I have understood this incorrectly or there is something more to the syntax in the /etc/dfs/dfstab file.

 

My /etc/dfs/dfstab entry on master server SERVERA

share -F nfs -o root=SERVERB,rw=SERVERB /home/USERA

 

 

Why am I able to mount it on a server (SERVERC) that is not mentioned in the Master server’s /etc/dfs/dfstab?

 

root@SERVERC:# mount SERVERA:/home/USERA /test

root@SERVERC:# bdf -t nfs

Filesystem          kbytes    used   avail %used Mounted on

SERVERC:/home/USERA

                   1048576   39544 1001160    4% /test

root@SERVERC:#

HP Pro
Dave Olker
Posts: 1,432
Registered: ‎10-10-2002
Message 2 of 3 (254 Views)

Re: Can NFS Share be mounted on a client that doesnt have any persmission to the share???

# man share_nfs

 

rw=access_list


Sharing will be read-mostly to clients in
access_list. Read-mostly means read-write to
those clients specified and read-only for all
other systems. If sec= option is provided,
sharing will be read-write to the clients listed
in access_list; overrides the ro suboption for the
clients specified.

 

If you want to restrict access to the filesystem to ONLY those clients listed in the rw= list then you need to combine the rw= option with the sec= option.  In your case it would look something like this:

 

share -F nfs -o root=SERVERB,rw=SERVERB,sec=sys /home/USERA

 

Dave

Regular Advisor
Kennedy G. Doss
Posts: 138
Registered: ‎09-18-2005
Message 3 of 3 (232 Views)

Re: Can NFS Share be mounted on a client that doesnt have any persmission to the share???

Dave:

 

You are the man!! sec=sys is just what I was looking for. I tested it out and I am unable to mount it on a server that is not specified in the dfstab file. Thanks for taking the time and getting back to me. I appreciate the help.

 

-Kennedy

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.