2

I want to share /share/foo and /share/bar etc via NFS on CentOS.

I ran into this common problem:

mount.nfs4: mounting 192.168.101.254:/share/foo failed, reason given by server: No such file or directory

The solution seems to be to export the parent directory /share with fsid=0 and then mount commands on the client use paths relateive to /share, i.e.

server exports file:

/share 192.160.0.0/16(rw,fsid=0)
/share/foo 192.160.0.0/16(ro)
/share/bar 192.160.0.0/16(ro)

client fstab:

192.168.101.254:/foo /share/foo nfs4 intr

But if I want to export this from the server:

/share/private 192.168.101.123(ro)

then won't this be available on machines other than 192.168.101.123 because many addresses have access to /share and its subdirectories?

If so, this is an unacceptable security hole. If not, what is my assurance that no client can access /share/private despite the fact that they can access /share?

In summary, I need the server to export /share/foo, /share/bar, and /share/private to different client machines over nfs4.

Community
  • 1
spraff
  • 519
  • 4
  • 8
  • 18
  • Maybe this [question](http://superuser.com/questions/894906/mount-only-sub-directory-in-nfs-export) will help in your situation? I don't think you should have to export `/share` if you are only interested in mounting specific sub-directories on you clients. – MikeA Dec 05 '16 at 17:26

1 Answers1

1

The best way to handle this is to use bind mounts: create a folder just for NFS exports:

mkdir /srv/nfs

and then add this to your /etc/fstab:

/share/foo  /srv/nfs/foo    none    defaults,bind    0  0
/share/foo  /srv/nfs/bar    none    defaults,bind    0  0

The /etc/exports is exactly the same, save with /share replaced by /srv/nfs. Also be sure and assign unique fsid's to the foo and bar entries in /etc/exports.

pgoetz
  • 435
  • 1
  • 8
  • 15