On 2/6/2011 2:17 PM, Anton Aylward wrote:
Marc Chamberlain said the following on 02/06/2011 04:22 PM:
I do NOT understand the reasoning behind having an inconsistent security model
It is not inconsistent. One of the 'rules' of NFS is that it won't allow access across a mount point.
Why do you think I have so many entries in my server's "exports"? The server has a big disk, lots of (LVM) partitions.
The 'anton' archive there has mounted file systems for 'business', 'email', 'email-archive', 'development/programming' - each type, downloads, various non-business documents. All quite apart from the other mounted file systems such as /var, /usr, /usr/lib, /usr/share and /local.
So if I mount "Server:/home/anton" on "laptop:/mnt/server/anton" and access it via the ~anton/server symlink, and do
laptop:~> ls server/Mail
or
laptop:~> ls server/Documents
I will see nothing. The rule is you can't traverse a mount point with NFS.
So when you export "/" and mount it on your laptop and then try accessing a mounted USB
OF COURSE YOU CAN'T ACCESS IT.
I did say that exporting just root and just /home made no sense.
Then it appears that NFS is a dead end for me. I tried to export the mount point itself with the following added to my exports file -

/media/My\040Passport 192.168.2.0/255.255.255.0(rw,root_squash,sync,no_subtree_check)

which got a whine from the NFS server saying it was unsupported.

rcnfsserver restart
Shutting down kernel based NFS server: nfsd statd mountd idmapd done
Starting kernel based NFS server: idmapdexportfs: Warning: /media/My Passport does not support NFS export.
mountd statd nfsd sm-notify done

And the export of /media/My Passport is not available to mount on another system.

So perhaps you are correct, NFS may not be inconsistent, within its security framework, but this security rule is restricting the usability of our systems and apparently making Linux+NFS an unsuitable choice for our needs. It also breaks the model implied by using simple commands such as cp, mv, chmod, etc. I remain uncomprehending as to why I, as a user/systems admin, cannot use MY system(s) in such a way as to easily meet MY/OUR needs, and this is proving to be a case in point... I still believe that if I don't want all this security I should be able to easily turn it off, or at least have control over it and use easy to understand models and tools to configure it. That is my choice and risk to take, especially in a small SOHO network on my own systems. I will use security, such as firewalls where needed, but I don't want it getting in my way elsewhere.

Accessing a USB drive through a Samba share at least allows read access on a mounted USB drive, and that gets us halfway to what we want. We can see and pull files across the network from a USB drive when accessing it through a Samba share, just can't push files to a USB drive. Perhaps there is a way to get it to allow write access also, I dunno, but at this point I think I will go explore it further...

Some questions I do have: does anyone know where HAL/UDEV does the actual mount of a USB drive when it is plugged in? Can those mount options be directly configured? I don't understand how the configuration for usbfs in fstab gets translated into mount options when the device notifier causes the actual mount to occur (when a USB drive is plugged in), so perhaps pointers to documentation would help... (I have found some high level docs on the internet, but nothing specific yet.)

Alternatively, is there a way to give a user, coming in to a system via a cd or mv command through a mount/share, from across a network, the same permissions/capabilities as a local logged in user has? Perhaps that is another approach I could take, if it is possible.

Thanks again in advance...
Marc...
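A check for the mount-point rule discussed in this thread, as an added example that is not part of the original messages: given an exports file and a mount table, it lists the file systems mounted beneath each export that have no export entry of their own, which is where a client would see an empty directory. The sample data is constructed, and the parser assumes one export per line with `\040`-style octal escapes only.

```python
import re

def unescape(path):
    # A space in a path is written as the octal escape \040 (as in the exports line above).
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), path)

def parse_exports(text):
    """Return the set of exported directories (first field of each non-comment line)."""
    paths = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            paths.add(unescape(line.split()[0]))
    return paths

def parse_mounts(text):
    """Return the set of mount points from /proc/mounts-style text (second field)."""
    return {unescape(f[1]) for f in (l.split() for l in text.splitlines()) if len(f) >= 2}

def is_under(child, parent):
    """True if child lies strictly below parent, compared by whole path components."""
    return child != parent and child.startswith(parent.rstrip("/") + "/")

def hidden_mounts(exports, mounts):
    """Map each export to the nested mount points that lack their own export entry."""
    report = {}
    for exp in sorted(exports):
        nested = sorted(m for m in mounts if is_under(m, exp) and m not in exports)
        if nested:
            report[exp] = nested
    return report

# Constructed sample data (not taken from any real server).
SAMPLE_EXPORTS = r"""
/                 192.168.2.0/255.255.255.0(ro,root_squash,sync,no_subtree_check)
/home/anton       192.168.2.0/255.255.255.0(rw,root_squash,sync,no_subtree_check)
/home/anton/Mail  192.168.2.0/255.255.255.0(rw,root_squash,sync,no_subtree_check)
"""
SAMPLE_MOUNTS = r"""
/dev/sda1 / ext4 rw 0 0
/dev/vg/anton /home/anton ext4 rw 0 0
/dev/vg/mail /home/anton/Mail ext4 rw 0 0
/dev/vg/docs /home/anton/Documents ext4 rw 0 0
/dev/sdb1 /media/My\040Passport vfat rw 0 0
"""

if __name__ == "__main__":
    result = hidden_mounts(parse_exports(SAMPLE_EXPORTS), parse_mounts(SAMPLE_MOUNTS))
    for export, nested in result.items():
        print(f"{export}: not reachable through this export -> {nested}")
```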