Dy>On Saturday 17 May 2003 13:23, Constant Brouerius van Dy>Nidek wrote: Dy>> Or should that be adjusted too? Dy>sounds like you're halfway there. Your /etc/exports Dy>file on the server (host) Dy>side should look something like this: Dy>/ *(rw) Dy>/home *(rw) Dy>/drdos *(rw) Exactly what I have. Dy>and the /etc/fstab on the client(s) should contain Dy>something like: Dy>server:/ /network nfs defaults 0 0 Dy>server:/home /network/home nfs defaults 0 0 Dy>server:/drdos /network/drdos nfs defaults 0 0 My servers name is bigone, my network constant.net Should that mean that the second part, network, is constant.net? Always thought that the second column should be the mountpoint. Or do you say I should make a new mountpoint with the name network? It does not work yet ;-( Dy>remember each file must have a blank like at the end, Dy>and nfs can get picky Dy>about extraneous whitespace in /etc/exports Dy>That will put the exported filesystems in the same Dy>relative place on the Dy>clients (i.e. as if /network was the server's root fs) Dy>This is not Dy>necessarily a good thing - if for some reason the Dy>server's root export fails Dy>to mount, for example, then the other mounts will also Dy>fail. It would be Dy>better to put them in, e.g. /network/root /network/home Dy>and /network/drdos to avoid these issues. Dy>Also, unless there is good reason to then the root fs Dy>(server:/) shouldn't be Dy>exported, especially rw, but at least you don't have Dy>no_root_squash set as Dy>that is extremely unsafe. Also, you should at least use Dy>your local network as access list (e.g.) Dy>/home 192.168.15.0/24(rw) You lost me there. Where does this access list thingy enter the business? Dy>so that you can be more certain where connections are Dy>coming from. Lastly, if Dy>you are nfs mounting user home directories, you need Dy>the no_all_squash export Dy>option so that users have proper privelidges on their Dy>files. See man exports Dy>and man mount (and refs there) for plenty more info. That is where I am afraid of. I do not see through at the moment. Any man page more and I surrender ;-). -- ! Not on your life ! NTReader v0.36w(P)/Beta (Registered) in conjunction with Net-Tamer.
On Saturday 17 May 2003 18:48, Constant Brouerius van Nidek wrote:
Dy>On Saturday 17 May 2003 13:23, Constant Brouerius van Dy>Nidek wrote: Dy>> Or should that be adjusted too?
Dy>sounds like you're halfway there. Your /etc/exports Dy>file on the server (host) Dy>side should look something like this:
Dy>/ *(rw) Dy>/home *(rw) Dy>/drdos *(rw)
Exactly what I have.
Dy>and the /etc/fstab on the client(s) should contain Dy>something like:
Dy>server:/ /network nfs defaults 0 0 Dy>server:/home /network/home nfs defaults 0 0 Dy>server:/drdos /network/drdos nfs defaults 0 0
My servers name is bigone, my network constant.net Should that mean that the second part, network, is constant.net? Always thought that the second column should be the mountpoint. Or do you say I should make a new mountpoint with the name network?
No, I just used 'network' as the name of the mountpoint, but I see that's confusing. Having said that, there's no reason why the mountpoint can't have the same name as the network.
It does not work yet ;-(
You have created a directory on the client for the mountpoint(s)? So if you are using the fstab entries I gave you'd need a /network directory on the client. Can you post the restults of rpcinfo on the server and client?
Dy>remember each file must have a blank like at the end, Dy>and nfs can get picky Dy>about extraneous whitespace in /etc/exports
Dy>That will put the exported filesystems in the same Dy>relative place on the Dy>clients (i.e. as if /network was the server's root fs) Dy>This is not Dy>necessarily a good thing - if for some reason the Dy>server's root export fails Dy>to mount, for example, then the other mounts will also Dy>fail. It would be Dy>better to put them in, e.g. /network/root /network/home Dy>and /network/drdos to avoid these issues.
Dy>Also, unless there is good reason to then the root fs Dy>(server:/) shouldn't be Dy>exported, especially rw, but at least you don't have Dy>no_root_squash set as Dy>that is extremely unsafe. Also, you should at least use Dy>your local network as access list (e.g.) Dy>/home 192.168.15.0/24(rw)
You lost me there. Where does this access list thingy enter the business?
In your exports file, the asterisk before the open bracket represents which (sub)networks are allowed to mount the exported directory with the specified options. At the moment (because the asterisk matches any value), you are exporting to the world, so anyone who can make an nfs connection to the server machine can mount and access the exported directories. If you replace the 192.168.15.0/24 with the network-address/subnet-mask of your local network you will restrict access to only machines inside your site (in theory.) HTH Dylan -- Sweet moderation Heart of this nation Desert us not We are between the wars - Billy Bragg
participants (2)
-
Constant Brouerius van Nidek
-
Dylan