Re: mount a mounted filesystem
On Fri, Mar 30, 2001 at 08:39:48AM -0600, Dave Sherohman wrote:
> On Fri, Mar 30, 2001 at 12:50:31AM -0800, Karsten M. Self wrote:
> > I'm not familiar with NFS, but believe that an export will not traverse
> > filesystems. If you think about it, this is a good thing.
>
> You are correct and it is absolutely a Good Thing for reasons other than the
> situation you brought up. If an NFS-mounted filesystem could be reexported,
> the original server (where the fs physically resides) would lose the ability
> to restrict which clients could mount it.
>
> --
PMFJI
You can't rely on the other guy following the rules if you want a
secure system. If you mount an nfs volume, or smb share, you can
reexport it, there is nothing that the server can do to prevent you. All
the server can do is limit the permissions of whoever initially mounted
the share (remote mounted that is) So that the remote client cannever
gove anyone higher permissions than they have.
From memory, I believe there is a way to reexport remote filesystems
with the std linux tools, but I am having a devil of a time remembering
it.
Ah, found it, man nfsd for details, but re-export is an option. (This
is for the userland nfs server.) Also man mountd shows a re-export
option that includes nfs and smb volumes.
--
Jim Richardson
Anarchist, pagan and proud of it
WWW.eskimo.com/~warlock
Linux, because life's too short for a buggy OS.
Reply to: