steve@asylum.gsfc.nasa.gov (Steve Rezsutek) (02/28/91)
I've recently been given charge of a Personal IRIS, and it the process of "bringing it into the fold", have encountered some difficulty in setting up NFS mounts from it to other machines. If I export a file system to the world at large, all seems fine. The difficulty surfaces when I attempt to restrict access to a specific set of machines, using any combination of specifying the hosts and/or the -access= option in /etc/exports: /usr/people -rw,anon=nobody foo bar /usr/people -rw,anon=nobody foo.my.domain bar.my.domain /usr/people -rw,anon=nobody,-access=foo:bar and even /usr/people -rw,anon=nobody,-access=foo:bar foo bar all have the same effect, namely to deny *all* access, period. Curiously(?), this setup *does* work, even though it isn't what I'm after: /usr/people -rw=foo:bar,anon=nobody The other machines (Sun3s and DECstations) seem to function properly when asked to behave in this manner. The machines are all in each others hosts tables, and I am not currently using NIS [nee YP]. The IRIS is running IRIX 3.3.1, the NFS is "the latest" so far as I know. I was not able to find a solution in the documentation, and the machine has no support contract at this time, so I am somewhat at a loss. Am I missing something blatent here, or is there a real problem? Any and all help or suggestions would be greatly appreciated. Thanks in advanve Steve
townsend@RAINBOW.UCHICAGO.EDU ("R. Michael Townsend") (02/28/91)
Steve, I do lots of nfs mounts of all sorts, and they seem to work just fine. All you should need is: /usr/people -access=foo.my.domain:bar.my.domain,rw if this doesn't work try: /usr/people -access=foo:bar,rw Remember to do a 'exportfs -a' after making the changes, you can verify what's really being exported by examining the /etc/xtab file. Also it is my understanding that once you give an access list the rest of the world no longer has access. R. Michael Townsend Univ. of Chicago