State-Changed-When: Sun Mar 12 07:58:50 MST 2006
Sorry, but that is how it works. You cannot export directories -- you
export FILESYSTEMS. So if you export a filesystem with a mode, that's
it, it is exported like that. The kernel does not have a mechanism to
constrain at the directory level later.
What you really want is real local split partitions.
> Synopsis: /etc/exports read-only 'carryover'
> State-Changed-From-To: open->closed
> State-Changed-By: deraadt
> State-Changed-When: Sun Mar 12 07:58:50 MST 2006
> Sorry, but that is how it works. You cannot export directories -- you
> export FILESYSTEMS. So if you export a filesystem with a mode, that's
> it, it is exported like that. The kernel does not have a mechanism to
> constrain at the directory level later.
> What you really want is real local split partitions.
As I understand it now, only the first line exporting a specific
filesystem decides the read-write status of all exported directories on
that filesystem. Having -ro on a later line has no effect. That should
be noted somewhere.
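The point made in this thread is that the export mode belongs to the filesystem, not the directory, so an exports file that mixes `-ro` and read-write lines for directories on one filesystem cannot mean what it appears to say. The following is an added example, not part of the original messages and not OpenBSD code: a small lint that flags such filesystems. The function names, the sample exports file and the mount table are constructed for illustration; on a real host the mount points would come from `mount` output.

```python
import posixpath

# Constructed sample data (not from the thread): a mount table and an exports file.
SAMPLE_MOUNTS = ["/", "/var", "/home"]
SAMPLE_EXPORTS = """\
# constructed sample
/var/db/pkg -ro 192.0.2.10
/var/www -maproot=0 192.0.2.11
/home -ro 192.0.2.10
/home/shared -ro 192.0.2.12
"""

def parse_exports(text):
    """Return (lineno, [directories], read_only) per export line.
    Simplification: only -ro (and its synonym -o) is recognised as read-only."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()
        dirs = [t for t in tokens if t.startswith("/")]
        if dirs:
            entries.append((lineno, dirs, any(t in ("-ro", "-o") for t in tokens)))
    return entries

def filesystem_of(path, mount_points):
    """Longest-prefix match of an exported directory against the mount table."""
    path, best = posixpath.normpath(path), "/"
    for mp in map(posixpath.normpath, mount_points):
        inside = path == mp or path.startswith(mp.rstrip("/") + "/")
        if inside and len(mp) > len(best):
            best = mp
    return best

def mixed_mode_filesystems(exports_text, mount_points):
    """Map each filesystem exported both with and without -ro to its export lines."""
    by_fs = {}
    for lineno, dirs, ro in parse_exports(exports_text):
        for d in dirs:
            by_fs.setdefault(filesystem_of(d, mount_points), []).append((lineno, d, ro))
    return {fs: rows for fs, rows in by_fs.items() if len({r[2] for r in rows}) > 1}

if __name__ == "__main__":
    for fs, rows in mixed_mode_filesystems(SAMPLE_EXPORTS, SAMPLE_MOUNTS).items():
        print(f"{fs}: exported with mixed modes")
        for lineno, d, ro in rows:
            print(f"  line {lineno}: {d} ({'ro' if ro else 'rw'})")
```

Any filesystem the lint reports should be reviewed by hand; if a directory must really be read-only while a sibling is read-write, the thread's advice is to put them on separate partitions.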
> Theo de Raadt wrote:
>> no, you don't understand.
>> it is the maximum permissions of any given, and that is obvious
>> when you figure out what is being done.
> After your first mail, a light went on for me. But still, in /etc/exports
> /var/db/pkg -ro
> /var/db/pkg -ro
> have different effects (both ro vs. both rw). I feel that that should
> be mentioned in a manpage or so, but I don't want to pick a fight, it's
> your OS (and a good one at that). Thank you for your time.
--- exports.5.orig Wed Mar 15 13:48:40 2006
+++ exports.5 Wed Mar 15 13:59:12 2006
@@ -291,3 +291,21 @@
mount the directory
if it exists.
+The same caveat exists for
+The read-write permissions of a mount point will propagate from the
+first exporting line to other exports of the same filesystem.
+.Bd -literal -offset indent
+will not make
+read-only, while the opposite order of the exporting lines would make
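Review bot: the added sentence "will propagate from the first exporting line to other exports of the same filesystem" documents the behaviour as order-dependent, which does not match the explanation given earlier in this thread that the mode is a property of the exported filesystem ("it is the maximum permissions of any given"). I would word the caveat in terms of the filesystem instead, for example that all exported directories on one filesystem share a single read-write mode and that a directory needing a different mode has to live on its own partition. Also, in the lines shown here "+The same caveat exists for" has no object, and the ".Bd -literal -offset indent" display has no example lines and no closing ".Ed", so the sentences "will not make" / "read-only" cannot be read on their own; the path macros and the example exports lines need to be present for the manual text to render.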