-------- Original Message -------- On 7/17/25 16:09, Kenneth Gober wrote: On Thu, Jul 17, 2025 at 7:13 AM otto.cooper <otto.coo...@proton.me> wrote: Suppose you are legally bound by the following local policy:
1. /archive is subject to daily backups; 2. all exported folders must be /archive subfolders; 3. not all subfolders of /archive can be exported; 4. each exported folder has limited visibility (e.g. LAN group A can only access /archive/A, LAN group B can only access /archive/B) If you write an export folder outside /archive, you go to jail because of policy #2. If you use --alldirs, you go to jail because of policy #3 and #4. What do you do? Don't use --alldirs. If each exported folder has limited visibility anyway, there is no reason you would even want someone to have access to all folders, which is what --alldirs would do. You pose the question as if your choices are to use --alldirs and violate policies #3 and #4, or not use --alldirs and violate policy #2. But policy #2 has nothing to do with -alldirs. All policy #2 says is you can't export things outside of /archive, such as /root, or /usr/local, or /home/jdoe. -ken Because alldirs was the only way to export different paths to specific clients. /export/folder1 -alldirs client1 client2 client3 /export/folder2 -alldirs client1 client2 /export/folder3 -alldirs client1
