On 3/29/19 12:56 PM, James Pearson wrote:
> Frank Thommen wrote:
>>
>> I would like to use the NFSv4 ability to create a "root" filesystem with
>> fsid=0, so that I don't have to refer to the whole path of the exported
>> filesystem when I mount it. However I do *not* want this root
>> filesystem to be mountable by any host. Is that possible and how?
>>
>> E.g
>> Filesystem:
>> /exports/data1
>> /exports/data2
>> /exports/data3
>>
>> /etc/exports:
>> /exports *(ro,no_subtree_check,fsid=0)
>> /exports/data1 host1(rw)
>> /exports/data2 host1(rw)
>> /exports/data3 host2(rw)
>>
>>
>> host1 and host2 can mount fileserver:/ and access any of the dataN
>> directories at least read-only. That is unwanted. I'd like
>> /exports/data1 and /exports/data2 to be exclusively accessible by host1
>> and /exports/data3 by host2. But I'd still like to be able to mount
>> e.f. as fileserver:/data1 instead of fileserver:/exports/data1.
>>
>> I've search around a lot and I have found the question several times,
>> but no solution yet.
>
> It appears to work for me ... host1 will still see data3 under the mount
> point - but its contents will be empty - similarly, host2 will see data1
> and data2 under the mount point, but their contents will be empty
>
> Or have I missed something ?
>
> James Pearson
>
[better late then never...]
You haven't missed anything and /we/ made a mistake: We hadn't
realized, that "fsid" relates to "real" filesystems and not just
directories. We had this
/storage /exports none bind 0 0
in /etc/fstab, which made all individual shares (subdirectories of
/storage) members of the same fsid and hence they had the same export
settings applied. After changing the bind mounts to
/storage/data1 /exports/data1 none bind 0 0
/storage/data2 /exports/data2 none bind 0 0
all exports now work as expected.
Cheers
frank