[CentOS] Mounting NFS subdirectories individually or just the parent?

Wed Jul 27 23:00:49 UTC 2016
Jon LaBadie <jcu at labadie.us>

On Wed, Jul 27, 2016 at 11:40:38PM +0100, Sean Brisbane wrote:
> There is a slight performance related reason for exporting disk partitions
> individually, the performance boost is server-side as Paul says.  The
> advantage is that the no_subtree_check can be used without any additional
> security risk.
> 
> It is probably the case that the /export/base/a is a partition, is exported
> with no_subtree_check, and therefore there is a small performance boost.
> 
> Preventing server side mount point traversal can also form part of a
> security mechanism if servers have different security options for different
> mount points, but in this case mounting server:/export/base wouldn't give
> you the same client view of the filesystem tree as mounting each
> individually if it worked at all.
> 
> Cheers,
> Sean
> 
> On 27 July 2016 at 23:21, Paul Heinlein <heinlein at madboa.com> wrote:
> 
> > On Wed, 27 Jul 2016, Frank Thommen wrote:
> >
> > Hello,
> >>
> >> does it in any respect (throughput/performance, cpu load, I/O load,
> >> resilience, ...) matter, if one mounts subdirectories of an NFS (v3) export
> >> into separate directories or if one just mounts the parent directory?
> >>
> >> I.e. like this:
> >>
> >>  server: /export/base/a -> /mnt/a
> >>  server: /export/base/b -> /mnt/b
> >>  server: /export/base/c -> /mnt/c
> >>  server: /export/base/d -> /mnt/d
> >>  server: /export/base/e -> /mnt/e
> >>
> >> or simply like this:
> >>
> >>  server:/export/base   -> /mnt
> >>
> >
> > Performance wise, any bottleneck will almost certainly be tied to the
> > disks on the back end, not the nfs process itself.
> >
> > There are a couple good reasons for splitting up the mounts:
> >
> > 1. They can have different export restrictions (e.g., for different
> >    client hosts, ro vs. rw permissions, user squashing).
> >
> > 2. /base/[a-e] live on different RAID arrays and might benefit from
> >    different management cycles; that'd also be a case where multiple
> >    exports might be a good idea. That said, I've never managed an
> >    exported filesystem consisting of different arrays; we've always
> >    exported at the RAID level or below.

Exporting them individually also prevents the remote system from
accessing /mnt/[!abcde] that you did not intend to make available.

Jon
-- 
Jon H. LaBadie                 jon at jgcomp.com
 11226 South Shore Rd.          (703) 787-0688 (H)
 Reston, VA  20190              (703) 935-6720 (C)