Network and Storage Protocols

Cannot NFS export as rw and root at the same time

JERONIMO123
6,714 Views

Hi,

When I have this in the etc/exports file:

  /vol/test        -sec=sys,rw=1.2.3.4,root=1.2.3.5,nosuid

I cannot mount the volume on host 1.2.3.5:

  mount.nfs: access denied by server while mounting 1.2.3.1:/vol/test

When I change the exports to have:

  /vol/test        -sec=sys,rw,root=1.2.3.5,nosuid

everything works fine. But I don't want everyone to be rw.

(Yes, I'm doing exportfs -r each time after changing the exports file)

Why would that be?

Thanks.

1 ACCEPTED SOLUTION

billshaffer
6,714 Views

root= does not imply rw= or ro=.  For every entry in root=, you need to specify that it can mount the volume (with rw=/ro=).  So:

/vol/test     -sec=sys, rw=1.2.3.4:1.2.3.5, root=1.2.3.5, nosuid

Bill

View solution in original post

5 REPLIES 5

billshaffer
6,715 Views

root= does not imply rw= or ro=.  For every entry in root=, you need to specify that it can mount the volume (with rw=/ro=).  So:

/vol/test     -sec=sys, rw=1.2.3.4:1.2.3.5, root=1.2.3.5, nosuid

Bill

JERONIMO123
6,714 Views

Simple answer to a simple question, thanks.

Would have been even simpler if that was clearly stated in man na_exports or na_exportfs, .... or I just looked in the wrong place for that info.

billshaffer
6,714 Views

It kind of says so -

Unlike in Data ONTAP releases prior to 6.5, if you spec-

         ify a list of NFS clients with read-write  access  using

         the rw= option, Data ONTAP does not use the ro option as

         the default for all other NFS clients.

This was a pretty big deal when upgrading to 6.5, because the exports had to be scoured to make sure required mount ability wasn't going to go away - which is probably why it sticks in my mind....

Bill

JERONIMO123
6,714 Views

Yeah I read that.

But it doesn't help if you don't know that there is 'rw' or 'ro'  and apart from that optionally the root parameter, so you have in fact five possible access combinations:

- rw+root

- ro+root

- rw

- ro

- nothing (whether with or without root makes no difference as we have seen)

Well now I know and it will never leave my mind 😉

aborzenkov
6,714 Views

Who is allowed to mount is determined by options rw or ro. Your first command line explicitly denies host 1.2.3.5.

Public