I want to share /share/foo
and /share/bar
etc via NFS on CentOS.
I ran into this common problem:
mount.nfs4: mounting 192.168.101.254:/share/foo failed, reason given by server: No such file or directory
The solution seems to be to export the parent directory /share
with fsid=0
and then mount commands on the client use paths relateive to /share
, i.e.
server exports file:
/share 192.160.0.0/16(rw,fsid=0)
/share/foo 192.160.0.0/16(ro)
/share/bar 192.160.0.0/16(ro)
client fstab:
192.168.101.254:/foo /share/foo nfs4 intr
But if I want to export this from the server:
/share/private 192.168.101.123(ro)
then won't this be available on machines other than 192.168.101.123
because many addresses have access to /share
and its subdirectories?
If so, this is an unacceptable security hole. If not, what is my assurance that no client can access /share/private
despite the fact that they can access /share
?
In summary, I need the server to export /share/foo
, /share/bar
, and /share/private
to different client machines over nfs4.
Best Answer
The best way to handle this is to use bind mounts: create a folder just for NFS exports:
and then add this to your /etc/fstab:
The /etc/exports is exactly the same, save with /share replaced by /srv/nfs. Also be sure and assign unique fsid's to the foo and bar entries in /etc/exports.