[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-bugs
Subject:    Re: NFS exports everything (fwd)
From:       guenther () openbsd ! org
Date:       2019-06-19 22:59:48
Message-ID: alpine.BSO.2.21.1906191555570.2167 () morgaine ! local
[Download RAW message or body]

On Wed, 19 Jun 2019, Roderick wrote:
> Sure a bug. Good night. Rod.
...
> I have in /etc/exports only the following line:
> 
> /home/exp/nfs  -alldirs  -ro  -network=10.0.0.0  -mask=255.255.255.0
> 
> I start the nfs service either with "rcctl -f start portmap mountd nfsd" or
> with "portmap; mountd; nfsd -u -t -n 4".
> 
> Then I can mount *any* directory in the client, for example:
> 
> I do not remember that this is normal. Is it??????!!!!

Yes, it's even documented in exports(5):

BUGS
...
     Regarding -alldirs, because NFS mount filehandles are filesystem wide the
     -alldirs option applies to exports of the entire filesystem — even
     mountpoints that are higher up elsewhere in the directory hierarchy.
     Hence if the server has a filesystem /export and you wished to export the
     sub-directory

           /export/root/client -alldirs client.foo.com

     you must realize that this also allows mounts to be requested against
     other locations in the /export filesystem; thus the host client.foo.com
     is also permitted to mount the directory /export/root/client2 if it
     exists.


The classic workaround is to put what you're exporting on its own 
filesystem.



Philip Guenther

[prev in list] [next in list] [prev in thread] [next in thread]