Subject: Re: Mountd & /etc/exports
To: Greywolf <greywolf@starwolf.com>
From: Greg A. Woods <woods@weird.com>
List: port-sparc
Date: 07/01/2001 01:01:10
[ On Saturday, June 30, 2001 at 16:48:49 (-0700), Greywolf wrote: ]
> Subject: Re: Mountd & /etc/exports
>
> On Sat, 30 Jun 2001, maximum entropy wrote:
> # 
> # /usr/export -maproot=root -alldirs testme.bluefeathertech.com

That "-alldirs" shouldn't have to be there, I think....

> # If /usr/export isn't its own filesystem, do this instead:
> # 
> # /usr -maproot=root -alldirs testme.bluefeathertech.com
> 
> Again, you shouldn't have to do this.  It's a bug which should probably
> be send-pr'd.

It's a design limitation that can't really be fixed easily.

You should really only have filesystem mountpoints exported, with or
without '-alldirs'.  I think that's what this sentence from the
exports(5) manual is trying to say:

     A host may be specified only once for each local filesystem on the
     server and there may be only one default entry for each server
     filesystem that applies to all other hosts.

That's because right now all this stuff is stored in the kernel as
mount(2) options and thus can only be stored once per mount point (note
there's not even any place to store the actual directory name).  See my
related thread in current-users:  very weird NFS/VND error during "make
depend" of kernel....

If you export multiple directories from the same filesystem you'll see
when you do "/sbin/mount" that only the mount point is listed and indeed
as the manual also warns:

     A client can still access the whole filesystem via individual RPCs
     if it wanted to, even if just one subdirectory has been mounted.

If I understand things correctly the initial client mount request is
checked for authorisation by mountd, which is why you can only mount
explicitly listed directories (unless '-alldirs' is specified) and then
every file access is checked by the kernel but only to make sure it's in
the same filesystem.

The documentation, and indeed even the implementation, certainly leave
some things to be desired, though perhaps what you've expressed desire
for just isn't possible within the NFS protocol design.  The
documentation should not have led you down the garden path promising
such fruits were there for the picking.  In fact the implementation
should maybe even be made more restrictive and force only local mount
points to be listed, requiring '-alldirs' should a client want to mount
some subset of a filesystem.

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>     <woods@robohack.ca>
Planix, Inc. <woods@planix.com>;   Secrets of the Weird <woods@weird.com>
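
Added example, not part of the original message or of NetBSD's own code: a small audit of a BSD-style exports file against the rules quoted above from exports(5). It flags exported directories that are not mount points and hosts (or the default entry) listed more than once per filesystem. The mount table, the sample file and all function names are constructed for illustration; the parser assumes one entry per line and does not treat -network/-mask as hosts.

```python
import posixpath

# Constructed sample input: local mount points and an exports file.
SAMPLE_MOUNTS = ["/", "/usr", "/home"]
SAMPLE_EXPORTS = """\
# constructed sample, first entry taken from the thread
/usr/export -maproot=root -alldirs testme.bluefeathertech.com
/usr/src -ro testme.bluefeathertech.com
/home -alldirs
"""

def owning_mount(path, mounts):
    """Return the longest mount point that contains `path` ("/" assumed mounted)."""
    path, best = posixpath.normpath(path), "/"
    for m in map(posixpath.normpath, mounts):
        inside = path == m or path.startswith(m.rstrip("/") + "/")
        if inside and len(m) > len(best):
            best = m
    return best

def parse_exports(text):
    """Yield (lineno, dirs, hosts) per entry; option tokens ('-...') are skipped."""
    for n, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()
        if tokens:
            dirs = [t for t in tokens if t.startswith("/")]
            hosts = [t for t in tokens if not t.startswith(("/", "-"))]
            yield n, dirs, hosts

def audit(text, mounts):
    """Return (lineno, kind, message) findings for the two exports(5) rules."""
    findings, seen = [], {}
    for n, dirs, hosts in parse_exports(text):
        for d in dirs:
            fs = owning_mount(d, mounts)
            if posixpath.normpath(d) != fs:
                findings.append((n, "not-a-mountpoint",
                    f"{d} is inside {fs}; access is checked per filesystem"))
        for fs in sorted({owning_mount(d, mounts) for d in dirs}):
            for h in hosts or ["<default>"]:   # no host means the default entry
                if (fs, h) in seen:
                    findings.append((n, "duplicate-host",
                        f"{h} already listed for {fs} on line {seen[(fs, h)]}"))
                else:
                    seen[(fs, h)] = n
    return findings

if __name__ == "__main__":
    for lineno, kind, msg in audit(SAMPLE_EXPORTS, SAMPLE_MOUNTS):
        print(f"line {lineno}: {kind}: {msg}")
```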