Able to mount NFS to a share's PARENT directory - How?
So I have a strange behavior occurring with my RHEL 6.6 NFS setup and I don't think it should be able to work like this.
On my RHEL6.6 NFS SERVER I have shared the following directories to two servers.
/data/toHIGH/stage
/data/toHIGH/bulk
Share options used:
/data/toHIGH/stage NFS_CLIENT1(rw,wdelay,no_root_squash,no_subtree_check)
/data/toHIGH/stage NFS_CLIENT2(rw,wdelay,no_root_squash,no_subtree_check)
/data/toHIGH/bulk NFS_CLIENT1(rw,wdelay,no_root_squash,no_subtree_check)
/data/toHIGH/bulk NFS_CLIENT2(rw,wdelay,no_root_squash,no_subtree_check)
On one of the RHEL 6.6 NFS CLIENTS some how one of my guys has mounted a directory to the PARENT of the two shares on the NFS SERVER.
So we have one of the NFS clients (NFS_CLIENT1):
/data/toHIGH/ is mounted to NFS_SERVER:/data/toHIGH/
HOW IS THIS POSSIBLE? i'm not sharing /data/toHIGH/ itself. This seems like a security problem to me. OH IT WORKS, but why?
Ideas?
Thanks much. I know Solaris 10 would have barked at me for event trying this.
Responses
Red Hat
Guru
7257 points
Without setting this up to test, sounds like no_subtree_check is behaving as expected. See man exports.
NFSv4 also has the concept of a "root" of the export, specified as fsid=0, this is how pure NFSv4 clients browse the contents of a server's exports, because RPC doesn't have to be running to allow showmount to query the NFS server.
If you don't want files in toHIGH to be exported, the following might work for you:
- Symlink
/data/toHIGH/stageto/exports/stage - Symlink
/data/toHIGH/bulkto/exports/bulk - Export
/exportsasfsid=0to NFS_CLIENT[12] - Export
/exports/stageand/exports/bulkto NFS_CLIENT[12]
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.