Stephen Stogner wrote: > Hello, > I am trying to figure out how to have NFS block access to nfs shares on a > IP basis not a user/group basis as I am not running a NIS domain.. > > my problem is when I have 2 configured mounts, > > the machines are able to mount the available NFS mounts. > > I am using these commands to share the commands > > share -F nfs -p -o r...@192.168.0.1/32,ro...@192.168.0.1/32,ro at > 192.168.0.1/32,sec=none /bigmount/big > > > share -F nfs -p -o r...@192.168.0.3/32,ro...@192.168.0.3/32,ro at > 192.168.0.3/32,sec=none /bigmount/small > > Can any one point out what I am doing wrong? > > > This message posted from opensolaris.org > _______________________________________________ > nfs-discuss mailing list > nfs-discuss at opensolaris.org >
Try moving the sec=none to the front. Look at share_nfs(1M) .... Basically, if you don't specify a sec=, it defaults to sec=sys. And one you apply a sec=, all options then start to apply. And if you don't apply any access lists, the default is rw So, your shares are actually: share -F nfs -p -o sec=sys,r...@192.168.0.3/32,ro...@192.168.0.3/32,r...@192.168.0.3/32,sec=none,rw /bigmount/small If you make my change, then you will have: share -F nfs -p -o sec=none,r...@192.168.0.3/32,ro...@192.168.0.3/32,r...@192.168.0.3/32 /bigmount/small Which is what I think you want. Hmm, you also have to think about your intersection of rw and ro. With what you have, share_nfs(1M) states that only clients from 192.168.0.3/32 have read access and no client has write access. ro= trumps any rw or rw= rules. What you probably want is: share -F nfs -p -o sec=none,r...@192.168.0.3/32,ro...@192.168.0.3/32 /bigmount/small This states that only clients from 192.168.0.3/32 have write access (and can also read) and no other client has read access.
