On Wednesday 2023-04-26 18:18, Manfred Hollstein wrote:
My /etc/exports contains the following entries:

    /.e/ 192.168.17.0/24(rw,no_root_squash,async,no_subtree_check,fsid=0,crossmnt)
    /.e/home 192.168.17.0/24(rw,no_root_squash,async,no_subtree_check)
    /.e/var/lib/samba/shares 192.168.17.0/24(rw,no_root_squash,async,no_subtree_check)

where /.e is a symbolic link to / - moving to NFSv4 I found no other way to export my root file system.
This is by design.

"""For NFSv4, there is a distinguished filesystem which is the root of all exported filesystem. This is specified with fsid=root or fsid=0 both of which mean exactly the same thing."""

I seem to remember that, once upon a time, to counter the limitation that all exports must have a common root, SUSE's NFS scripts would bind-mount (not symlink) all exports into a directory akin to /.e/ and then export that. However, it seems this is no longer needed and nfs4 just provides that global root on its own. If I put a classy NFS3-ish config with no common root into /etc/exports, e.g.

    /home/bweebol *(ro)
    /var/lib *(ro)

then mounting localhost:/ to /mnt still works under nfs4, and does The Right Thing™ in that /mnt is only populated with /mnt/home/bweebol and not /mnt/home/someoneelse, and with /var/lib but not /var/adm.

If in doubt, one could also explicitly export the actual root directory and just not give any host any practical permission (not even readonly), because nothing can match ::/128:

    / ::/128(ro)
    /home/bweebol *(ro)
    /var/lib/barf *(ro)

When the same mount, which worked once, is tried again (after having umounted it before, of course), I sometimes see the following in the journal:
rpc.mountd[6311]: authenticated mount request from 192.168.17.11:882 for /home (/home)
but the mount hangs and nothing is actually mounted.
There is another aspect of nfs4 worth mentioning: exports are separate namespaces and they get automounted when you enter them. That is, if one

    mount localhost:/ /mnt -t nfs -o nfsvers=4 && cd /mnt/var/lib/barf

then *more* local mounts are generated. `df -Tah` then shows:

    localhost:/         nfs4  477G  304G  173G  64% /mnt
    localhost:/var      nfs4  477G  304G  173G  64% /mnt/var
    localhost:/var/lib  nfs4  477G  304G  173G  64% /mnt/var/lib

Both nfs4 and autofs share the same automounting mechanism. Since nfs4 only has one root and thus also already knows all exports (of one server, anyway), no classic autofs mounts (df -t autofs) or autofsd daemon are needed.
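
An added example, not part of the original message and not the NFS server's own logic: a small Python model of the behaviour described above, which takes exports(5)-style lines and a client address and reports which exports that client matches and which parent directories would appear only as pseudo-root path components. The function names are hypothetical, the sample is constructed from the exports quoted in the message, and only `*` and IP/CIDR client specs are handled.

```python
import ipaddress
from pathlib import PurePosixPath

# Constructed sample, taken from the exports shown in the message above.
SAMPLE = """\
/ ::/128(ro)
/home/bweebol *(ro)
/var/lib/barf *(ro)
"""

def parse_exports(text):
    """Parse exports(5)-style lines into [(path, [(client, [options])])]."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        parsed = []
        for client in clients:
            spec, _, opts = client.partition("(")
            parsed.append((spec, [o for o in opts.rstrip(")").split(",") if o]))
        entries.append((path.rstrip("/") or "/", parsed))
    return entries

def client_matches(spec, ip):
    """True if ip falls under spec; only '*' and IP/CIDR specs are handled."""
    if spec == "*":
        return True
    try:
        net = ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return False  # hostnames, wildcards and netgroups are out of scope here
    return ipaddress.ip_address(ip) in net

def visible_tree(entries, ip):
    """Return ({export path: options}, [pseudo-root dirs]) for one client."""
    exports = {}
    for path, clients in entries:
        for spec, opts in clients:
            if client_matches(spec, ip):
                exports[path] = opts
                break
    pseudo = {str(a) for p in exports for a in PurePosixPath(p).parents}
    return exports, sorted(pseudo - set(exports))

if __name__ == "__main__":
    exports, pseudo = visible_tree(parse_exports(SAMPLE), "192.168.17.11")
    print("exports:", exports)
    print("pseudo-root only:", pseudo)
```

Running it against a real /etc/exports for each client subnet gives a quick view of what a mount of `server:/` would expose to that client and with which options.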