I am currently running a 10.2-RELEASE-p7 that is sharing zfs datasets over NFS.
Before this, my file server was running Solaris, so I am coming from a Solaris-centric way of thinking, so I have some preconceptions I am working on getting over.
Things are *mostly* fine. the command I used to share filesystems is this:
the idea was that for any machine in the lab1 and lab2 netgroup that mounts the filesystem, will be given the uid of pseudoadmin (and not really root) when crossing the NFS boundary. Any machine in the adminmachines group will still be mapped to uid 0 when crossing over.
however I have discovered that root on the lab1 machines can create and modify files on the NFS share as though they are root, not pseudoadmin.
when I look at /etc/zfs/exports I see:
My thought is -- is the second -maproot= overriding the first, leaving all machines to allow root to remain root when passing over NFS?
I was reading that zfs sharenfs should be kept to simple things if used, so if this doesn't work,
should I instead be using /etc/exports? and if so; would it need to be multi-line and look like this:
thank you!
Before this, my file server was running Solaris, so I am coming from a Solaris-centric way of thinking, so I have some preconceptions I am working on getting over.
Things are *mostly* fine. the command I used to share filesystems is this:
Code:
zfs sharenfs="maproot=pseudoadmin alldirs lab1 lab2, maproot=root alldirs adminmachines" mypool/home1
the idea was that for any machine in the lab1 and lab2 netgroup that mounts the filesystem, will be given the uid of pseudoadmin (and not really root) when crossing the NFS boundary. Any machine in the adminmachines group will still be mapped to uid 0 when crossing over.
however I have discovered that root on the lab1 machines can create and modify files on the NFS share as though they are root, not pseudoadmin.
when I look at /etc/zfs/exports I see:
Code:
/mypool/home1 -maproot=pseudoadmin -alldirs lab1 lab2 -maproot=root -alldirs adminmachines
My thought is -- is the second -maproot= overriding the first, leaving all machines to allow root to remain root when passing over NFS?
I was reading that zfs sharenfs should be kept to simple things if used, so if this doesn't work,
should I instead be using /etc/exports? and if so; would it need to be multi-line and look like this:
Code:
/mypool/home1 -maproot=pseudoadmin -alldirs lab1 lab2
/mypool/home1 -maproot=root -alldirs adminmachines
thank you!