NFS exports everything (fwd)

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

NFS exports everything (fwd)

Roderick

Sure a bug. Good night. Rod.

---------- Forwarded message ----------
Date: Wed, 19 Jun 2019 21:58:56 +0000 (UTC)
From: Roderick <[hidden email]>
To: [hidden email]
Subject: NFS exports everything


I am quite sleepy, perhaps a stupid error, but annoying.

I have in /etc/exports only the following line:

/home/exp/nfs  -alldirs  -ro  -network=10.0.0.0  -mask=255.255.255.0

I start the nfs service either with "rcctl -f start portmap mountd nfsd" or
with "portmap; mountd; nfsd -u -t -n 4".

Then I can mount *any* directory in the client, for example:

mount -t nfs 10.0.0.14:/etc /mnt

I do not remember that this is normal. Is it??????!!!!

Rodrigo

Reply | Threaded
Open this post in threaded view
|

Re: NFS exports everything (fwd)

Klemens Nanni-2
On Wed, Jun 19, 2019 at 10:26:12PM +0000, Roderick wrote:
> I do not remember that this is normal. Is it??????!!!!
See exports(5), BUGS.

Reply | Threaded
Open this post in threaded view
|

Re: NFS exports everything (fwd)

Philip Guenther-3
In reply to this post by Roderick
On Wed, 19 Jun 2019, Roderick wrote:
> Sure a bug. Good night. Rod.
...

> I have in /etc/exports only the following line:
>
> /home/exp/nfs  -alldirs  -ro  -network=10.0.0.0  -mask=255.255.255.0
>
> I start the nfs service either with "rcctl -f start portmap mountd nfsd" or
> with "portmap; mountd; nfsd -u -t -n 4".
>
> Then I can mount *any* directory in the client, for example:
>
> I do not remember that this is normal. Is it??????!!!!

Yes, it's even documented in exports(5):

BUGS
...
     Regarding -alldirs, because NFS mount filehandles are filesystem wide the
     -alldirs option applies to exports of the entire filesystem — even
     mountpoints that are higher up elsewhere in the directory hierarchy.
     Hence if the server has a filesystem /export and you wished to export the
     sub-directory

           /export/root/client -alldirs client.foo.com

     you must realize that this also allows mounts to be requested against
     other locations in the /export filesystem; thus the host client.foo.com
     is also permitted to mount the directory /export/root/client2 if it
     exists.


The classic workaround is to put what you're exporting on its own
filesystem.



Philip Guenther