public inbox for linux-nfs@vger.kernel.org
* are multiple FSIDs supported?
@ 2009-10-23 18:32 Ben DJ
From: Ben DJ @ 2009-10-23 18:32 UTC (permalink / raw)
  To: linux-nfs

Hello,

I'm building an NFSv4 FileServer.  My goal is to service multiple
machines on a LAN, each with their own, isolated namespace (I'm not
sure that's the right terminology).

Reading the man page it seems that only ONE fsid=0 export is allowed
per server.  And that subdirectories of that root CAN be exported, but
always under the same/one root.

That doesn't seem like "good isolation" to me.

My goal would be to export, for example

 /nfs1 & its subdirs ONLY to LAN box1
 /nfs2 & its subdirs ONLY to LAN box2
 etc

I've seen some mentions & discussion online of multiple-fsid's, where
/nfs1 would be exported as a root under fsid=0, /nfs2 under fsid=1,
etc.

But this approach doesn't look like it's currently supported or
recommended.  Even if it was I haven't found anything that says how a
nfsv4 client would ADDRESS the specific fsid's.  Something in the
mount's URI I guess.

I know I might still be stuck in NFSv3 thinking about this, and NFSv4
subdirs might be isolated "well enough".

BenDJ


* Re: are multiple FSIDs supported?
@ 2009-10-23 19:00   ` J. Bruce Fields
From: J. Bruce Fields @ 2009-10-23 19:00 UTC (permalink / raw)
  To: Ben DJ; +Cc: linux-nfs

On Fri, Oct 23, 2009 at 11:32:44AM -0700, Ben DJ wrote:
> Hello,
> 
> I'm building an NFSv4 FileServer.  My goal is to service multiple
> machines on a LAN, each with their own, isolated namespace (I'm not
> sure that's the right terminology).
> 
> Reading the man page it seems that only ONE fsid=0 export is allowed
> per server.  And that subdirectories of that root CAN be exported, but
> always under the same/one root.
> 
> That doesn't seem like "good isolation" to me.
> 
> My goal would be to export, for example
> 
>  /nfs1 & its subdirs ONLY to LAN box1
>  /nfs2 & its subdirs ONLY to LAN box2
>  etc

Multiple export namespaces aren't currently supported.

I'd like to some day, though I'd prefer to vary the namespace based on
server ip address instead of by client ip address.

But for now I'd think just something like:

	/nfs	*(ro,fsid=0,...)
	/nfs/1	box1(rw,nohide,crossmnt)
	/nfs/2	box2(rw,nohide,crossmnt)

should serve your purposes.  box1 will still be able to see that a
directory named /nfs/2 exists, but it shouldn't be able to descend into
it.  (And vice-versa for box2 and /nfs/1.)

--b.

> I've seen some mentions & discussion online of multiple-fsid's, where
> /nfs1 would be exported as a root under fsid=0, /nfs2 under fsid=1,
> etc.
> 
> But this approach doesn't look like it's currently supported or
> recommended.  Even if it was I haven't found anything that says how a
> nfsv4 client would ADDRESS the specific fsid's.  Something in the
> mount's URI I guess.
> 
> I know I might still be stuck in NFSv3 thinking about this, and NFSv4
> subdirs might be isolated "well enough".
> 
> BenDJ

^ permalink raw reply	[flat|nested] 3+ messages in thread
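The export layout suggested in the message above, checked by an added example (not part of the thread and not nfs-utils code): a simplified exports(5) parser that reports, per client, which exported paths it may enter and which it can only see by name. It assumes `/nfs/1` and `/nfs/2` are separate filesystems mounted under `/nfs`; the names `parse_exports` and `view_for` and the host `box3` are hypothetical.

```python
import fnmatch
import posixpath

# Constructed sample modelled on the exports in the message above.
# The elided "..." options are left out rather than guessed.
EXPORTS = """\
/nfs    *(ro,fsid=0)
/nfs/1  box1(rw,nohide,crossmnt)
/nfs/2  box2(rw,nohide,crossmnt)
"""


def parse_exports(text):
    """Parse exports(5)-style lines into (path, client_pattern, options)."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            client, _, opts = spec.partition("(")
            options = [o for o in opts.rstrip(")").split(",") if o]
            # An empty client name in exports(5) means "any host".
            entries.append((posixpath.normpath(path), client or "*", options))
    return entries


def view_for(client, entries):
    """Return (paths the client may enter, paths it can only see by name).

    Simplified model (assumption): hostname or shell-wildcard matching only,
    and each export is its own filesystem, so a parent export grants no
    access to a child export.
    """
    enter = {p: ("rw" if "rw" in opts else "ro")
             for p, pattern, opts in entries
             if fnmatch.fnmatchcase(client, pattern)}
    name_only = sorted({p for p, _, _ in entries
                        if p not in enter and posixpath.dirname(p) in enter})
    return enter, name_only


if __name__ == "__main__":
    parsed = parse_exports(EXPORTS)
    for host in ("box1", "box2", "box3"):  # box3: hypothetical third LAN host
        print(host, view_for(host, parsed))
```

For `box3`, which matches only the `*` entry, both `/nfs/1` and `/nfs/2` come back as name-only: any host allowed on the shared root can list the per-box directory names.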

* Re: are multiple FSIDs supported?
@ 2009-10-23 19:09     ` Ben DJ
From: Ben DJ @ 2009-10-23 19:09 UTC (permalink / raw)
  To: J. Bruce Fields; +Cc: linux-nfs

Hi Bruce,

On Fri, Oct 23, 2009 at 12:00 PM, J. Bruce Fields <bfields@fieldses.org> wrote:
>> My goal would be to export, for example
>>
>>  /nfs1 & its subdirs ONLY to LAN box1
>>  /nfs2 & its subdirs ONLY to LAN box2
>>  etc
>
> Multiple export namespaces aren't currently supported.
>
> I'd like to some day, though I'd prefer to vary the namespace based on
> server ip address instead of by client ip address.
>
> But for now I'd think just something like:
>
>        /nfs    *(ro,fsid=0,...)
>        /nfs/1  box1(rw,nohide,crossmnt)
>        /nfs/2  box2(rw,nohide,crossmnt)
>
> should serve your purposes.  box1 will still be able to see that a
> directory named /nfs/2 exists,

There are a few situations where I'm going to have to figure out a way
around this.  I.e., where I don't want boxes to even "be able to see"
other boxes' dirs.

> but it shouldn't be able to descend into
> it.  (And vice-versa for box2 and /nfs/1.)

Thanks for the suggestion and explanation.  I'd seen the crossmnt
option, but didn't understand how it was really different than nohide.

BenDJ
