Kyle McDonald wrote:
> Tom Haynes wrote:
>> Kyle McDonald wrote:
>>> Functionally what's the difference between allowing root nfs access
>>> with root=*, and allowing it with anon=0?
>>>
>>> I have a JumpStart filesystem that was shared through
>>> /etc/dfs/dfstab with '-o sec=sys,ro,anon=0'. On this file system
>>> there are files that are owned by root and mode 600. During
>>> jumpstart these files can be copied fine.
>>>
>>> When I was converting to use sharemgr, at first I missed the fact
>>> that it has an 'anon=0' option, and decided to use 'root=*'
>>> instead. For some reason this broke things, those same files
>>> couldn't be copied.
>>>
>>> Switching back to 'anon=0' fixed things again.
>>>
>>> Why?
>>>
>>> The only difference I can see is that root= allows a list of hosts,
>>> but when used with an * it should work the same as anon=0 right?
>>>
>>
>> You can't use root with a '*'.
> Then the sharemgr man page needs updating. :)
>
> It says that the syntax is root=access_list, where an access_list is
> any of: *, hostname, netgroup, domainname.suffix, or network.
>
Okay, I always go to share and not sharemgr. And I know from my
experience with share, that root does not support wildcards...

I agree that the sharemgr(1M) man page states that a '*' is allowed
for an access_list. I also agree that I think it is not working.

I also think the '*' is not working for rw:

[root@jhereg ~]> sharemgr create mygroup
[root@jhereg ~]> sharemgr add-share -s /tomper mygroup
[root@jhereg ~]> sharemgr set -P nfs -S sys -p root=\*,rw=\* mygroup
[root@jhereg ~]> share
foo@mygroup /tomper sec=sys,root=*,rw=* ""

And:

[root@pnfs-9-25 ~]> mount jhereg:/tomper /tomper
nfs mount: mount: /tomper: Permission denied
[root@pnfs-9-25 ~]> mount -o vers=4,sec=sys jhereg:/tomper /tomper
nfs mount: mount: /tomper: Permission denied

If I make the change:

[root@jhereg ~]> sharemgr set -P nfs -S sys -p root=\*,rw mygroup
[root@jhereg ~]> share
foo@mygroup /tomper sec=sys,root=*,rw ""

And:

[root@pnfs-9-25 ~]> mount -o vers=4,sec=sys jhereg:/tomper /tomper
[root@pnfs-9-25 ~]> cd /tomper
[root@pnfs-9-25 /tomper]> touch jilted
[root@pnfs-9-25 /tomper]> ls -la
total 287055
drwxrwxrwx   3 th199096 staff      512 Dec  9 14:06 .
drwxr-xr-x  36 root     root        38 Dec  8 14:10 ..
-rw-r--r--   1 th199096 staff    83610 Dec  8 14:21 aaaa
-rw-r--r--   1 root     root      6904 Dec  8 14:23 acl.snoop
-rw-r--r--   1 root     root      7416 Dec  8 14:20 aclv4.snoop
drwxr-xr-x   3 th199096 staff      512 Dec  4 03:10 archives-nightly-osol
-rw-r--r--   1 th199096 staff    80146 Dec  8 14:24 av3
-rw-r--r--   1 nobody   nobody       0 Dec  2 17:46 eg
-rw-r--r--   1 th199096 staff        0 Dec  2 16:21 it
-rw-r--r--   1 nobody   nobody       0 Dec  9 14:06 jilted

We see that it was created with the wrong uid/gid.

I think you should submit a bug.

IMHO, the share output should have shown something like the second
output for the rw=* case.
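
Added example, not part of the original thread and not code from sharemgr or share: a small audit of `share` output lines for the options discussed above, flagging anon=0 (which gives unknown users the effective uid 0) and a '*' in the root= or rw= access lists (which the thread reports as not behaving like a wildcard). The function names and the /export/install path are assumptions made for the illustration.

```python
def parse_share_line(line):
    """Split one line of `share` output into (resource, path, options)."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected: resource path options [description]")
    resource, path, optstr = fields[0], fields[1], fields[2]
    opts = {}
    for item in optstr.split(","):
        key, sep, value = item.partition("=")
        # Access lists are colon-separated; bare flags (ro, rw) get an empty list.
        opts[key] = value.split(":") if sep else []
    return resource, path, opts


def audit(line):
    """Return (path, option, note) findings for one share line."""
    _, path, opts = parse_share_line(line)
    findings = []
    if opts.get("anon") == ["0"]:
        findings.append((path, "anon=0",
                         "unknown users, including squashed root, act as uid 0 "
                         "from every client that can mount the share"))
    if "*" in opts.get("root", []):
        findings.append((path, "root=*",
                         "thread reports '*' is not honoured here: files "
                         "created by client root were owned by nobody"))
    if "*" in opts.get("rw", []):
        findings.append((path, "rw=*",
                         "thread reports the mount failed with Permission denied"))
    return findings


# Sample lines: the first two are the share output shown in the thread,
# the last two are constructed for this example.
SAMPLE = [
    'foo@mygroup /tomper sec=sys,root=*,rw=* ""',
    'foo@mygroup /tomper sec=sys,root=*,rw ""',
    '- /export/install sec=sys,ro,anon=0 ""',
    '- /export/install sec=sys,ro,root=installhost1:installhost2 ""',
]

if __name__ == "__main__":
    for line in SAMPLE:
        for path, option, note in audit(line):
            print(f"{path}: {option}: {note}")
```

Listing the install clients explicitly in root= (last sample line) limits root access to those hosts, whereas anon=0 extends it to every client allowed to mount the share.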