NFSv4 exports

[bubbasuth]

Sorry if this in wrong area, or answered somewhere, but couldn’t find thread

/etc/exports:

/export1 -maproot=root -network 192.168.10.0 -netmask 255.255.255.0
/export2 -maproot=root -network 192.168.10.0 -netmask 255.255.255.0
V4: / -sec=sys -network 192.168.10.0 -netmask 255.255.255.0

Throws an error in /var/log/messages about /export2, but showmount -e recognizes /export1 and the subnet constraint.

If I remove -network and -netmask from both /export1 and /export2, showmount -e recognizes both /export1 and /export2 but displays ‘everybody’ for access.

Pretty sure this has something to do with ‘mount-point’ barrier (-alldirs for NFSv3, but NFSv4 exports everything down to /)

 

[T-Daemon]

Throws an error in /var/log/messages about /export2, but showmount -e recognizes /export1 and the subnet constraint.

This sound like /export1 and /export2 are mount points of the same file system. If the settings for shared mount points of the same file system are defined in two different lines, only the first one is accepted.

The correct /etc/exports entry must be

/export1  /export2  -maproot=root  -network 192.168.10.0  -mask 255.255.255.0

# alternatively -network 192.168.10.0/24

The netmask is set with "-mask" (or x.x.x.x/prefixlength) on FreeBSD.

V4: / -sec=sys -network 192.168.10.0 -netmask 255.255.255.0

You can remove -network 192.168.10.0 -netmask 255.255.255.0. The only options allowed in the V4: line are security related [1].

-sec=sys can also be remove. That setting is the default. See exports manual for allowed, and detailed settings explanations.


[1] exports(5)

     The second component of a line specifies how the file system is to be
     ...
     mapped to user credentials on the server.  For the NFSv4 tree root, the
     only options that can be specified in this section are ones related to
     security: -sec, -tls, -tlscert and -tlscertuser.

 

[bubbasuth]

Yeah. That’s gotta be it. You have read exports(5) several times to get that export terminates at mount-points. One thread mentioned partition, but probably old posting where partition was mounted below root. Turns out ZFS dataset mount point also works

 

[T-Daemon]

One thread mentioned partition, but probably old posting where partition was mounted below root.

It all depends on the file system where the mount point is located. Mount points on separate file systems each require their own configuration line.

Mount points of the same file system, with same export flags must be defined in one line. The same mount points with different export flags must be defined in separate lines.

Turns out ZFS dataset mount point also works

Since each ZFS dataset of the same pool is a separate file system, each mount point of a different datasets requires a separate export line. Or, set zfsprops(7) "sharenfs" dataset property instead of /etc/exports.

 

[bubbasuth]

Ok. Read more in exports and found instruction about V4: line reserved for security and export root. Excellent

Also saw example for two directories of same file system on line defining options.

Thanks

 

[T-Daemon]

Also saw example for two directories of same file system on line defining options.

I would like to add some suggestions that I forgot to mention: You can easily check the validity of the exports settings by monitoring the system console on ttyv0 (Alt+F1), calling dmesg(8), or tail(1) /var/log/messages.

After setting or changing the exports flags in /etc/exports, restart the mountd(8) script ( service mountd restart if "mountd_enable" is set in /etc/rc.conf, or service mountd onerestart if not set), and check for [mountd] related log messages with one of the methods mentioned above.

If the settings are valid, no error messages are generated. Invalid settings will produce an error message, listing the party at fault.

When using the ZFS dataset property "sharenfs", restarting mountd(8) is not required, this happens automatically.

Thanks

No problem.