NFS: directory rw for subset of servers, ro for all others - Aix


  1. NFS: directory rw for subset of servers, ro for all others

    I'm trying to do this "simple" thing:

    - Directory /export/rw is exported with read-write for a subset of
    servers (server1, server2, server3)
    - The same directory needs to be Read-Only for all servers, including
    server1, server2, server3 (more than 200 servers in read-only)

    You cannot export the same directory twice. What I did:

    ln -s /export/rw /export/ro

    and then I exported /export/ro as read-only. Many tests later, I
    found that only server1, server2 and server3 can mount /export/ro!!!
    It is as if AIX exports only the "real" directory, no matter how many
    links I put.

    Any ideas, any suggestions?

    What I really want to do: permit only a subset of servers to write to
    this directory, but any server can read it. This space will contain
    "configuration files", and I want to be sure that only the servers I
    control can write to this directory. I don't care if any servers, or
    Linux workstations, or Windows with Unix services access it to read the
    content.

    Thanks.

    AIX 5.3.3, TL5 SP4, jfs2

  2. Re: NFS: directory rw for subset of servers, ro for all others

    estienne wrote:
    > I'm trying to do this "simple" thing:
    >
    > - Directory /export/rw is exported with read-write for a subset of
    > servers (server1, server2, server3)
    > - The same directory needs to be Read-Only for all servers, including
    > server1, server2, server3 (more than 200 servers in read-only)


    Check the smit nfs screens. The option is read-mostly.

  3. Re: NFS: directory rw for subset of servers, ro for all others

    On Apr 23, 10:33 pm, estienne wrote:
    > I'm trying to do this "simple" thing:
    >
    > - Directory /export/rw is exported with read-write for a subset of
    > servers (server1, server2, server3)


    That is the solution in case you are using the option -o rw=client1:....

    > - The same directory needs to be Read-Only for all servers, including
    > server1, server2, server3 (more than 200 servers in read-only)
    >
    > You cannot export the same directory twice. What I did:


    Not quite correct. You cannot export the same directory with the same
    NFS version.

    >
    > ln -s /export/rw /export/ro

    ?

    >
    > and then I exported /export/ro as read-only. Many tests later, I
    > found that only server1, server2 and server3 can mount /export/ro!!!
    > It is as if AIX exports only the "real" directory, no matter how many
    > links I put.
    >
    > Any ideas, any suggestions?
    >
    > What I really want to do: permit only a subset of servers to write to
    > this directory, but any server can read it. This space will contain
    > "configuration files", and I want to be sure that only the servers I
    > control can write to this directory. I don't care if any servers, or
    > Linux workstations, or Windows with Unix services access it to read the
    > content.
    >
    > Thanks.
    >
    > AIX 5.3.3, TL5 SP4, jfs2


    Short:
    man exportfs
    ...... -o rw=Client1:Client2:clientN # Also other nodes have only ro access.

    Also beware of security limitations with NFS v2/v3 regarding hostname/IP
    takeover.
    A secure approach would be to export ro with NFS v3 and rw with NFS v4/dce,
    as mentioned in the example section of the man page for exportfs.

    You should also read:
    Securing NFS in AIX
    An Introduction to NFS v4 in AIX 5L Version 5.3
    http://www.redbooks.ibm.com/Redbooks.../SG247204.html

    hth
    Hajo
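
Added example (not part of the thread and not AIX code): a small shell audit of the read-mostly semantics described above, where `rw=` gives write access to the listed clients and read-only access to everyone else. The function names and the sample export lines are constructed for illustration, and client names are compared as exact strings, which is the same name-based trust the reply warns about for NFS v2/v3.

```shell
#!/bin/sh
# Report the effective access a client gets from AIX-style /etc/exports options.
# Handles only ro, rw and rw=list; other options are ignored in this sketch.

# in_list NAME COLON_LIST -> exit 0 if NAME is one of the colon-separated entries
in_list() {
    case ":$2:" in
        *":$1:"*) return 0 ;;
    esac
    return 1
}

# effective_access OPTIONS CLIENT -> prints "rw" or "ro"
effective_access() {
    opts=$1
    client=$2
    mode=rw            # with no ro/rw option the export is read-write for all
    rw_list=
    old_ifs=$IFS
    IFS=,
    for o in $opts; do
        case $o in
            ro)   mode=ro ;;
            rw)   mode=rw ;;
            rw=*) mode=read-mostly; rw_list=${o#rw=} ;;
        esac
    done
    IFS=$old_ifs
    if [ "$mode" = read-mostly ]; then
        # Listed clients write; every other client falls back to read-only.
        if in_list "$client" "$rw_list"; then echo rw; else echo ro; fi
    else
        echo "$mode"
    fi
}

# audit_exports CLIENT... : reads "directory -options" lines on stdin
audit_exports() {
    while read -r dir opts; do
        case $dir in ''|'#'*) continue ;; esac
        opts=${opts#-}
        for c in "$@"; do
            printf '%s %s %s\n' "$dir" "$c" "$(effective_access "$opts" "$c")"
        done
    done
}

# Constructed sample input; the last line has no options (writable by anyone).
SAMPLE_EXPORTS='/export/rw -rw=server1:server2:server3
/export/docs -ro
/export/scratch'

printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports server1 workstation9
```

Any line reported as `rw` for a host you do not control is an export to tighten, for example by switching it to an `rw=` list.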
