On Wed, 19 Jun 2019, Roderick wrote:
> Sure a bug. Good night. Rod.
> I have in /etc/exports only the following line:
> /home/exp/nfs -alldirs -ro -network=10.0.0.0 -mask=255.255.255.0
> I start the nfs service either with "rcctl -f start portmap mountd nfsd" or
> with "portmap; mountd; nfsd -u -t -n 4".
> Then I can mount *any* directory in the client, for example:
> I do not remember that this is normal. Is it??????!!!!
Yes, it's even documented in exports(5):
Regarding -alldirs, because NFS mount filehandles are filesystem wide the
-alldirs option applies to exports of the entire filesystem — even
mountpoints that are higher up elsewhere in the directory hierarchy.
Hence if the server has a filesystem /export and you wished to export the
/export/root/client -alldirs client.foo.com
you must realize that this also allows mounts to be requested against
other locations in the /export filesystem; thus the host client.foo.com
is also permitted to mount the directory /export/root/client2 if it
The classic workaround is to put what you're exporting on its own