2

Ok guys I have a weird issue.
After recently adding a bind mount 2 folders deep inside an existing NFS4 export, when I mount that NFS export on my client, it leads directly to the bind mount. No matter what I try it doesnt change.

I have my Servers Full fstab and exports as well as my clients fstab

Server Setup

I use NFS4 and have all my exports bind mounted under /srv/nfs

/mnt/Storage bind mounted to /srv/nfs/Storage and exported NFS4.

fstab entries

/mnt/Storage        /srv/nfs/Storage          none   bind   0   0

Then there is the fstab entry for new bind mount I have recently added

/mnt/Storage/Multimedia/Complete     /srv/nfs/Multimedia/TV_Series/Complete\040Series       none   bind,_netdev   0   0

exports entry

/srv/nfs                              192.168.2.0/24(rw,sync,insecure,crossmnt,fsid=0)
...
/srv/nfs/Storage                          192.168.2.0/24(rw,async,insecure,crossmnt)

On The server everything is browsable correctly locally

ketterer@Omnibox:/srv/nfs/Storage$ ls /mnt/Storage/
'Admin Resources'   Archive   Family_Share   Multimedia   Users
ketterer@Omnibox:/srv/nfs/Storage$ ls /srv/nfs/Storage/
'Admin Resources'   Archive   Family_Share   Multimedia   Users

I can also confirm that this new bind mount on the server otherwise works as intended.

Client Setup

I have my client set up with a number of NFS mounts in fstab, but can confirm itisthe same with manual mount. fstab entry

192.168.2.2:/Storage                       /mnt/Storage                 nfs4     hard,intr    0   0

This worked for a long time without issue until I added the bind mount on the server highlighted above.

My client used to be able to mount 192.168.2.2:/srv/nfs/Storage or 192.168.2.2:/Storage just fine, but now it seems the client actually mounts /mnt/Storage/Multimedia/Complete.

Server Exports - Pastebin.com https://pastebin.com/xLDhjJJU

Server Fstab - Pastebin.com https://pastebin.com/NMuC75yf

Client Fstab - Pastebin.com https://pastebin.com/b0THBqGy

Jordan Ketterer
  • 81
  • 5
  • Why do you have the original bind mount, `/mnt/Storage /srv/nfs/Storage none bind 0 0`? This seems unnecessary. You could have just mounted the storage there. – Michael Hampton Sep 11 '20 at 03:22
  • with NFS4 as i unserstand it this is the way to goabout it. I am no expert but from what i gather to use NFS4 you need to use themlike that. I might just be miss undertandingtho – Jordan Ketterer Sep 11 '20 at 05:55
  • There is no need for bind mounts to use NFS. – Michael Hampton Sep 11 '20 at 06:36
  • ok sorry I shouldn't have said need, my research points towards this being a good practice. It helps in scale and scope of aserverand the psudofilesystem that can be used with nfs4. I dont THINK it is impacting anything. I did more testing, Everythingworks again if i remove the bind mount i recently added – Jordan Ketterer Sep 12 '20 at 03:53
  • OK, I should also say there's no _point_ to making the NFS mount point a bind mount. Directories under it might be useful as bind mounts, but the exported mount point really should not be a bind mount. – Michael Hampton Sep 12 '20 at 03:57
  • Can I please get a second opinion, Im a novice and dont want to argue, but have read multiple distro documentation that uses this type of implementation. https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/deployment_guide/s1-nfs-server-config-exports https://help.ubuntu.com/community/NFSv4Howto – Jordan Ketterer Sep 12 '20 at 06:26
  • 1
    Arch Documentation actually goes on to say https://wiki.archlinux.org/index.php/NFS A good security practice is to define a NFS root in a discrete directory tree which will keep users limited to that mount point. Bind mounts are used to link the share mount point to the actual directory elsewhere on the filesystem. – Jordan Ketterer Sep 12 '20 at 06:31
  • The Red Hat example makes some sense, though you will notice that the top level export is not a bind mount. The Ubuntu example provides no justification at all for using bind mounts, though again the top level export (fsid=0) is not a bind mount. Nor is it in Arch's example. In all of these, the top level is an otherwise empty directory and directories containing the actual files clients would use are bind mounted below it. I'd love to hear more about why Arch calls this a security measure, but they didn't explain there. – Michael Hampton Sep 12 '20 at 16:07
  • Correct be if I'm wrong, but My top level filesystem is /srv/nfs/ and /mnt/storage is bind minutes under, you can review the full fstab submitted if you want to look in more detail. I don't understand what I'm doing wing – Jordan Ketterer Sep 12 '20 at 21:38
  • You mounted the storage at `/mnt/storage` instead of `/srv/nfs`. – Michael Hampton Sep 12 '20 at 22:38
  • Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/112949/discussion-between-jordan-ketterer-and-michael-hampton). – Jordan Ketterer Sep 12 '20 at 23:38

0 Answers0