Frank Batschulat (Home) wrote: > On Tue, 09 Dec 2008 21:11:40 +0100, Tom Haynes <Thomas.Haynes at sun.com> > wrote: > > >> Kyle McDonald wrote: >> >>> Tom Haynes wrote: >>> >>>> Kyle McDonald wrote: >>>> >>>>> Functionally what's the difference between allowing root nfs access >>>>> with root=*, and allowing it with anon=0? >>>>> >>>>> I have a JumpStart filesystem that was shared through >>>>> /etc/dfs/dfstab with '-o sec=sys,ro,anon=0'. On this file system >>>>> there are files that are owned by root and mode 600. During >>>>> jumpstart these files can be copied fine. >>>>> >>>>> WHen I was converting to use sharemgr, at first I missed the fact >>>>> that it has an 'anon=0' option, and decided to used 'root=*' >>>>> instead. For some reason this broke things, those same files >>>>> couldn't be copied. >>>>> >>>>> Switching back to 'anon=0' fixed things again. >>>>> >>>>> Why? >>>>> >>>>> The onnly difference I can see is that root= allows a list of hosts, >>>>> but when used with an * it should work the same as anon=0 right? >>>>> >>>>> >>>>> >>>> You can't use root with a '*'. >>>> >>> Then the sharemgr man page needs updating. :) >>> >>> It says that the syntax is root=access_list, where an access_list is >>> any of: *, hostname, netgroup, domainname.suffix, or network. >>> >>> >> Okay, I always go to share and not sharemgr. And I know from my >> experience with share, that root does >> not support wildcards... >> >> I agree that the sharemgr(1M) man page states that a '*' is allowed for >> an access_list. >> >> I also agree that I think it is not working. >> >> If also think the '*' is not working for rw: >> >> [root at jhereg ~]> sharemgr create mygroup >> [root at jhereg ~]> sharemgr add-share -s /tomper mygroup >> [root at jhereg ~]> sharemgr set -P nfs -S sys -p root=\*,rw=\* mygroup >> [root at jhereg ~]> share >> foo at mygroup /tomper sec=sys,root=*,rw=* "" >> >> And: >> >> [root at pnfs-9-25 ~]> mount jhereg:/tomper /tomper >> nfs mount: mount: /tomper: Permission denied >> [root at pnfs-9-25 ~]> mount -o vers=4,sec=sys jhereg:/tomper /tomper >> nfs mount: mount: /tomper: Permission denied >> >> If I make the change: >> >> [root at jhereg ~]> sharemgr set -P nfs -S sys -p root=\*,rw mygroup >> [root at jhereg ~]> share >> foo at mygroup /tomper sec=sys,root=*,rw "" >> >> And: >> >> [root at pnfs-9-25 ~]> mount -o vers=4,sec=sys jhereg:/tomper /tomper >> [root at pnfs-9-25 ~]> cd /tomper >> [root at pnfs-9-25 /tomper]> touch jilted >> [root at pnfs-9-25 /tomper]> ls -la >> total 287055 >> drwxrwxrwx 3 th199096 staff 512 Dec 9 14:06 . >> drwxr-xr-x 36 root root 38 Dec 8 14:10 .. >> -rw-r--r-- 1 th199096 staff 83610 Dec 8 14:21 aaaa >> -rw-r--r-- 1 root root 6904 Dec 8 14:23 acl.snoop >> -rw-r--r-- 1 root root 7416 Dec 8 14:20 aclv4.snoop >> drwxr-xr-x 3 th199096 staff 512 Dec 4 03:10 archives-nightly-osol >> -rw-r--r-- 1 th199096 staff 80146 Dec 8 14:24 av3 >> -rw-r--r-- 1 nobody nobody 0 Dec 2 17:46 eg >> -rw-r--r-- 1 th199096 staff 0 Dec 2 16:21 it >> -rw-r--r-- 1 nobody nobody 0 Dec 9 14:06 jilted >> >> We see that it was created with the wrong uid/gid. >> >> I think you should submit a bug. >> > > I've filed > > 6784573 sharemgr and access_list=* do not get along > http://monaco.sfbay/detail.jsf?cr=6784573 > > to keep track of this issue. > I also mentioned this in the bug I filed yesterday about all the other sharemgr inconsistencies I found. I dont' have a CR# for that one yet though.
-Kyle > >> IMHO, the share output should have shown something like the second >> output for the >> rw=* case. >> _______________________________________________ >> nfs-discuss mailing list >> nfs-discuss at opensolaris.org >> >> > > > >
