HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

limiting NFS mounts within SG.

 
SOLVED
Go to solution
derek b smith_1
Regular Advisor

limiting NFS mounts within SG.

Hi All,

I have looked within ITRC and found some info, but not exactly what I wanted to see.

here are my exports in my NFS .cntl file
XFS[0]="/cbhost/pro/shared"
XFS[1]="/cbhost/pro/clinks"
XFS[2]="/cbhost/pro/current4/ready"
XFS[3]="/cbhost/pro/doc"

Would I just place the standard entry access=host1:host2:...
in this file, then cmapply it or can I just use netgroups to apply security to these SG NFS resources? Is there anything more to let SG know about netgroups if I use netgroups?

netgroup:
rwhosts (rwhost1,,) (rwhost2,,)
rohosts (rohost1,,) (rohost2,,)
admin (admin1,,) (admin2,,)
exports:
/dir1 root=admin1:admin2,rw=rwhosts,ro=rohosts
4 REPLIES
derek b smith_1
Regular Advisor

Re: limiting NFS mounts within SG.

I found my answer in /etc/cmcluster/nfs/hanfs.sh

it uses access=

But now my question is, is pcnfsd needed by HA-NFS in MCSG in order for HA-NFS to function correctly? Is pcnfsd needed by samba and cifs.
Per the man page I see no relation.
I need to turn this proc off for security reasons.

thank you
Viktor Balogh
Honored Contributor
Solution

Re: limiting NFS mounts within SG.

Hi Derek,

>is pcnfsd needed by HA-NFS in MCSG in order for HA-NFS to function correctly?

What kind of NFS clients do you have? According to the man pages of pcnfsd, it is needed only in case you want to have NFS access from DOS or other PC operating system.

"pcnfsd is an RPC server that supports ONC clients on PC (DOS, OS/2, Macintosh, and other) systems. This describes version two of the pcnfsd server."

here is also a reference to pcnfsd in the HA-NFS documentation:

http://docs.hp.com/en/B5140-90026/ch02s04.html#babihege

"Retry - the number of attempts to ping the rpc.statd, rpc.mountd, nfsd, rpc.pcnfsd, and nfs.flm processes before exiting. The default is 4 attempts."

so I'm pretty sure you won't need it unless you have outdated PC clients.

>Is pcnfsd needed by samba and cifs.

no, pcnfsd is only for NFS shares

****
Unix operates with beer.
derek b smith_1
Regular Advisor

Re: limiting NFS mounts within SG.

thank you sir!
I only have cifs, samba shares and NFS.
derek b smith_1
Regular Advisor

Re: limiting NFS mounts within SG.

closed