HPE Community
Operating System - HP-UX
1752396 Members
7246 Online
108788 Solutions
New Discussion

Can NFS Share be mounted on a client that doesnt have any persmission to the share???

 
SOLVED
Go to solution
Kennedy G. Doss
Regular Advisor

‎04-12-2014 07:08 AM

‎04-12-2014 07:08 AM

Can NFS Share be mounted on a client that doesnt have any persmission to the share???

HP-UX Gurus:

 

I want to share one of my filesystems via NFS with a Server B. However, I notice that on Server C which is not mentioned DFS tab, I am able to mount the same share in Read Only mode. I was under the impression,  the shared  filesystem shouldn't be able to be mounted on other Server - other than the one(s) mentioned in the DFS stab. Isn't this serious security violation?

 

Either I have understood this incorrectly or there is something more to the syntax in the /etc/dfs/dfstab file.

 

My /etc/dfs/dfstab entry on master server SERVERA

share -F nfs -o root=SERVERB,rw=SERVERB /home/USERA

 

 

Why am I able to mount it on a server (SERVERC) that is not mentioned in the Master server’s /etc/dfs/dfstab?

 

root@SERVERC:# mount SERVERA:/home/USERA /test

root@SERVERC:# bdf -t nfs

Filesystem          kbytes    used   avail %used Mounted on

SERVERC:/home/USERA

                   1048576   39544 1001160    4% /test

root@SERVERC:#

0 Kudos
Reply
2 REPLIES 2
Dave Olker
HPE Pro

‎04-12-2014 07:49 AM

‎04-12-2014 07:49 AM

Solution

Re: Can NFS Share be mounted on a client that doesnt have any persmission to the share???

# man share_nfs

 

rw=access_list


Sharing will be read-mostly to clients in
access_list. Read-mostly means read-write to
those clients specified and read-only for all
other systems. If sec= option is provided,
sharing will be read-write to the clients listed
in access_list; overrides the ro suboption for the
clients specified.

 

If you want to restrict access to the filesystem to ONLY those clients listed in the rw= list then you need to combine the rw= option with the sec= option.  In your case it would look something like this:

 

share -F nfs -o root=SERVERB,rw=SERVERB,sec=sys /home/USERA

 

Dave

I work for HPE

[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
Reply
Kennedy G. Doss
Regular Advisor

‎04-12-2014 01:48 PM

‎04-12-2014 01:48 PM

Re: Can NFS Share be mounted on a client that doesnt have any persmission to the share???

Dave:

 

You are the man!! sec=sys is just what I was looking for. I tested it out and I am unable to mount it on a server that is not specified in the dfstab file. Thanks for taking the time and getting back to me. I appreciate the help.

 

-Kennedy

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.