Simpler Navigation for Servers and Operating Systems - Please Update Your Bookmarks
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
If you have bookmarked forums or discussion boards in Servers and Operating Systems, we suggest you check and update them as needed.
System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Can NFS Share be mounted on a client that doesnt have any persmission to the share???

SOLVED
Go to solution
Highlighted
Kennedy G. Doss
Regular Advisor

Can NFS Share be mounted on a client that doesnt have any persmission to the share???

HP-UX Gurus:

 

I want to share one of my filesystems via NFS with a Server B. However, I notice that on Server C which is not mentioned DFS tab, I am able to mount the same share in Read Only mode. I was under the impression,  the shared  filesystem shouldn't be able to be mounted on other Server - other than the one(s) mentioned in the DFS stab. Isn't this serious security violation?

 

Either I have understood this incorrectly or there is something more to the syntax in the /etc/dfs/dfstab file.

 

My /etc/dfs/dfstab entry on master server SERVERA

share -F nfs -o root=SERVERB,rw=SERVERB /home/USERA

 

 

Why am I able to mount it on a server (SERVERC) that is not mentioned in the Master server’s /etc/dfs/dfstab?

 

root@SERVERC:# mount SERVERA:/home/USERA /test

root@SERVERC:# bdf -t nfs

Filesystem          kbytes    used   avail %used Mounted on

SERVERC:/home/USERA

                   1048576   39544 1001160    4% /test

root@SERVERC:#

2 REPLIES
Dave Olker
HPE Pro
Solution

Re: Can NFS Share be mounted on a client that doesnt have any persmission to the share???

# man share_nfs

 

rw=access_list


Sharing will be read-mostly to clients in
access_list. Read-mostly means read-write to
those clients specified and read-only for all
other systems. If sec= option is provided,
sharing will be read-write to the clients listed
in access_list; overrides the ro suboption for the
clients specified.

 

If you want to restrict access to the filesystem to ONLY those clients listed in the rw= list then you need to combine the rw= option with the sec= option.  In your case it would look something like this:

 

share -F nfs -o root=SERVERB,rw=SERVERB,sec=sys /home/USERA

 

Dave

Kennedy G. Doss
Regular Advisor

Re: Can NFS Share be mounted on a client that doesnt have any persmission to the share???

Dave:

 

You are the man!! sec=sys is just what I was looking for. I tested it out and I am unable to mount it on a server that is not specified in the dfstab file. Thanks for taking the time and getting back to me. I appreciate the help.

 

-Kennedy