Networking
Showing results for 
Search instead for 
Do you mean 

How to restrict NFS share access to particular server ?

Advisor

How to restrict NFS share access to particular server ?

[ Edited ]

 How to restrict NFS share access to particular server ?

 

P.S. This thread has been moved from Disk to  HP-UX > networking. -HP Forum Moderator

7 REPLIES
HPE Pro

Re: How to restrict NFS share access to particular server ?

# man share_nfs

 

 

Advisor

Re: How to restrict NFS share access to particular server ?

I tried that too but I culdn't find an option to restrict nfs share for a paticular server.

HPE Pro

Re: How to restrict NFS share access to particular server ?

rw=client[:client] ...
Share the pathname read-mostly if sec= option is not
provided. Read-mostly means read-write to those
clients specified and read-only for all other
systems. If a sec= option is provided, pathname is
shared read/write only to the listed clients. No
other systems can access pathname.
Honored Contributor Honored Contributor

Re: How to restrict NFS share access to particular server ?

What version of HP-UX?

 

If 11.23 or older, then you use the 'access' keyword in the /etc/exports file.

 

If 11.31 it looks like you should use a combination of the 'sec' keyword and 'ro' or 'rw' access for specific hosts in the /etc/dfs/dfstab.

Advisor

Re: How to restrict NFS share access to particular server ?

Its 11.31.

 

could you please share an example;

Acclaimed Contributor Acclaimed Contributor

Re: How to restrict NFS share access to particular server?

>could you please share an example

 

share -F nfs  -o ro=access_list,rw=access_list,sec=mode[:mode] pathname

For a particular server:

share -F nfs  -o rw=server-FQDN pathname

Highlighted
Honored Contributor Honored Contributor

Re: How to restrict NFS share access to particular server?

Here's an example from one of my servers.

 

I'm allowing the share to a server called atl1 only.  I am allowing read/write access and allowing root access as well.

 

# cat /etc/dfs/dfstab

# place share(1M) commands here for automatic execution
# on entering init state 3.
#
# share [-F fstype] [ -o options] [-d "<text>"] <pathname>
# .e.g,
# share -F nfs -o rw=engineering -d "home dirs" /home
share -F nfs -o sec=sys,rw=atl1,root=atl1 /var/tmp/pw

 

From ATL1:

 

# mount ignite:/var/tmp/pw /mnt
atl1-11.23 root / # cd /mnt
atl1-11.23 root /mnt # ll
total 16
drwxr-xr-x 2 root sys 96 Feb 27 10:08 .
drwxr-xr-x 27 root root 8192 Oct 24 12:39 ..
-rw-r--r-- 1 root sys 0 Feb 27 10:08 afile1
-rw-r--r-- 1 root sys 0 Feb 27 10:08 afile2
-rw-r--r-- 1 root sys 0 Feb 27 10:08 afile3
atl1-11.23 root /mnt # rm afile3
afile3: ? (y/n) y
atl1-11.23 root /mnt # ll
total 16
drwxr-xr-x 2 root sys 96 Feb 27 10:11 .
drwxr-xr-x 27 root root 8192 Oct 24 12:39 ..
-rw-r--r-- 1 root sys 0 Feb 27 10:08 afile1
-rw-r--r-- 1 root sys 0 Feb 27 10:08 afile2

 

From another server:

 

atl6-11.31 root /root # mount ignite:/var/tmp/pw /mnt15
nfs mount: ignite:/var/tmp/pw: Permission denied

 

Here's a link to the "NFS Services Administrator's Guide HP-UX 11iv3"

http://h20566.www2.hp.com/portal/site/hpsc/template.BINARYPORTLET/public/kb/docDisplay/resource.process/?spf_p.tpst=kbDocDisplay_ws_BI&spf_p.rid_kbDocDisplay=docDisplayResURL&javax.portlet.begCacheTok=com.vignette.cachetoken&spf_p.rst_kbDocDisplay=wsrp-resourceState%3DdocId%253Demr_na-c02136987-1%257CdocLocale%253D&javax.portlet.endCacheTok=com.vignette.cachetoken

 

 

Hopefully this helps.