Subject: Re: exporting -ro nfs
To: None <tech-kern@netbsd.org, tech-security@netbsd.org>
From: George Georgalis <george@galis.org>
List: tech-kern
Date: 01/28/2007 13:45:55
On Sat, Jan 27, 2007 at 11:17:54AM +0100, Edgar Fuß wrote:
>> If we have in exports
>> 
>> /usr/local/pub/sandbox -rw
>> 
>> and the /usr partition is a single filesystem. Remote clients
>> have rw for anything in /usr
>I usually work around this (I hope!) by putting a null mount in between.
>E.g. null-mount /usr/local/pub/sandbox to /export/sandbox and NFS-export that.
>I hope I'm correct to believe that the filesystem the export is now limited to
>is /export/sandbox in that case.

When I started the thread
Date: Wed, 17 Jan 2007 21:43:00 -0500
To: netbsd-users@netbsd.org
it was because I couldn't export a directory -ro when I already
had a -rw export on the same filesystem. I moved it over to
security when it became apparent that regardless of using
null-mount, NFS exposes the entire _filesystem_ when a given mount
point is exported. You have to figure out file handles or some
such but it seems you can just ask for every inode until you get
one outside the mount point.

// George

-- 
George Georgalis, systems architect, administrator <IXOYE><
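
An added example, not part of the original message: a small audit that flags NFS exports whose backing filesystem is larger than the exported directory, following null mounts to the underlying filesystem as the thread describes. The mount table, the exports lines and the function names are constructed for illustration.

```python
import posixpath

# Constructed sample data: (source, mount_point, fstype) and exports(5)-style lines.
MOUNTS = [
    ("/dev/wd0a", "/", "ffs"),
    ("/dev/wd0e", "/usr", "ffs"),
    ("/dev/wd0f", "/data", "ffs"),
    ("/usr/local/pub/sandbox", "/export/sandbox", "null"),
]
EXPORTS = """\
# constructed example
/export/sandbox -rw
/usr/local/pub/docs -ro
/data -ro
"""

def containing_mount(path, mounts):
    """Return the mount entry with the longest mount point containing path."""
    best = None
    for entry in mounts:
        mp = entry[1]
        if path == mp or path.startswith(mp.rstrip("/") + "/"):
            if best is None or len(mp) > len(best[1]):
                best = entry
    return best

def backing_fs(path, mounts):
    """Resolve null mounts; return (real filesystem root, exported_is_subdir)."""
    path = posixpath.normpath(path)
    seen = set()
    while True:
        src, mp, fstype = containing_mount(path, mounts)
        if fstype != "null" or path in seen:
            return mp, path != mp
        seen.add(path)
        # A null mount only re-presents a directory of another filesystem.
        path = posixpath.normpath(src + path[len(mp):])

def audit(exports_text, mounts):
    """List (exported_path, filesystem_root) where the export is only a
    subdirectory of the filesystem that actually backs it."""
    findings = []
    for line in exports_text.splitlines():
        fields = line.split("#", 1)[0].split()
        for p in (f for f in fields if f.startswith("/")):
            fs_root, is_subdir = backing_fs(p, mounts)
            if is_subdir:
                findings.append((p, fs_root))
    return findings

if __name__ == "__main__":
    for path, root in audit(EXPORTS, MOUNTS):
        print(f"{path}: backed by filesystem mounted at {root}")
```

Exports that pass this check sit on a filesystem of their own, so the filesystem-wide exposure described above covers nothing beyond the exported tree.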