[linux] SOLVED::Neither 'subtree_check' or 'no_subtree_check' specified for export "10.17.24.0/255.255.255.0:/opt/dir". Assuming default behaviour ('subtree_check').

Jan Kunder jan.kunder at gmail.com
Tuesday September 19 21:05:02 CEST 2006


Hi.
(While writing this I also found the answer, but I am sending the links
anyway - they may be useful to someone. SOLVED)

QUESTION::
Setting up nfs-kernel-server (1.0.10-1) ...
Stopping NFS kernel daemon: mountd nfsd.
Unexporting directories for NFS kernel daemon....
Exporting directories for NFS kernel daemon...exportfs: /etc/exports 
[5]: Neither 'subtree_check' or 'no_subtree_check' specified for export 
"10.17.24.0/255.255.255.0:/opt/dir".
   Assuming default behaviour ('subtree_check').
   NOTE: this default will change with nfs-utils version 1.1.0
.
Starting NFS kernel daemon: nfsd mountd.


====
ANSWER::

http://www.linux-tutorial.info/modules.php?name=ManPage&sec=5&page=exports
http://wiki.debian.org/?SecuringNFS
==
        no_subtree_check
               This  option  disables  subtree checking, which has
               mild security implications, but can improve
               reliability in some circumstances.

               If  a subdirectory of a filesystem is exported, but
               the whole filesystem  isn't  then  whenever  a  NFS
               request  arrives,  the  server  must check not only
               that  the  accessed  file  is  in  the  appropriate
               filesystem  (which  is easy) but also that it is in
               the exported tree (which is harder). This check  is
               called the subtree_check.

               In  order  to  perform  this check, the server must
               include some information about the location of  the
               file  in  the  "filehandle"  that  is  given to the
               client.  This can  cause  problems  with  accessing
               files that are renamed while a client has them open
               (though in many simple cases it will still work).

               subtree checking is also used  to  make  sure  that
               files  inside  directories  to  which only root has
               access can only be accessed if  the  filesystem  is
               exported  with no_root_squash (see below), even if
               the file itself allows more general access.

               As a general guide, a  home  directory  filesystem,
               which  is normally exported at the root and may see
               lots of file renames, should be exported with
               subtree  checking  disabled.   A  filesystem  which is
               mostly readonly, and at least doesn't see many file
               renames (e.g. /usr or /var) and for which
               subdirectories may be exported, should probably be exported
               with subtree checks enabled.

               The  default  of having subtree checks enabled, can
               be explicitly requested with subtree_check
==
        Very often, it is not desirable that the root  user  on  a
        client  machine  is  also  treated  as root when accessing
        files on the NFS server. To this end, uid  0  is  normally
        mapped  to  a  different  id:  the  so-called anonymous or
        nobody uid. This mode of operation (called `root squashing')
        is  the  default,  and  can  be  turned  off  with
        no_root_squash.

        no_root_squash
               Turn off root squashing. This option is mainly
               useful for diskless clients.

        all_squash
               Map all uids and gids to the anonymous user. Useful
               for NFS-exported public FTP directories, news spool
               directories,   etc.   The   opposite   option    is
               no_all_squash, which is the default setting.

        anonuid and anongid
               These options explicitly set the uid and gid of the
               anonymous account.  This option is primarily useful
               for  PC/NFS  clients,  where  you  might  want  all
               requests appear to be from one user. As an example,
               consider  the  export  entry  for  /home/joe in the
               example section below, which maps all  requests  to
               uid 150 (which is supposedly that of user joe).





've a nice day!

JK

--
Ing. Jan Kunder
jan.kunder-HATESPAM-gmail.com
http://www.kunder.sk
JKjkjk rozpmnqestka
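
Added example (not part of the original post and not nfs-utils code): a small Python check for an exports file that reports entries which give neither subtree_check nor no_subtree_check, the condition behind the exportfs warning quoted above, and entries that turn off root squashing with no_root_squash. The sample file and the names audit_exports and logical_lines are constructed for illustration; quoted paths containing spaces and default-option lines are assumed not to be used.

```python
import re

# Constructed sample exports file. Only /opt/dir and the 10.17.24.0 network
# come from the warning quoted in the post; everything else is made up.
SAMPLE_EXPORTS = """\
# constructed sample
/opt/dir   10.17.24.0/255.255.255.0(rw,sync)
/home      10.17.24.0/255.255.255.0(rw,sync,no_subtree_check)
/srv/boot  10.17.24.5(rw,no_root_squash,subtree_check) \\
           10.17.24.6(ro)
"""

ENTRY = re.compile(r"^([^\s(]+)(?:\(([^)]*)\))?$")  # client or client(options)

def logical_lines(text):
    """Yield (first_line_no, text), comments stripped, '\\' continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        start = start or no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, buf.strip()
        buf, start = "", None

def audit_exports(text):
    """Return (line_no, path, client, message) for every entry worth a look."""
    findings = []
    for no, line in logical_lines(text):
        path, *clients = line.split()
        for spec in clients:
            m = ENTRY.match(spec)
            if not m:
                findings.append((no, path, spec, "unparsed entry"))
                continue
            client = m.group(1)
            opts = set(filter(None, (m.group(2) or "").split(",")))
            if not opts & {"subtree_check", "no_subtree_check"}:
                findings.append((no, path, client, "subtree checking not explicit"))
            if "no_root_squash" in opts:
                findings.append((no, path, client, "no_root_squash: uid 0 is not squashed"))
    return findings

if __name__ == "__main__":
    print(*audit_exports(SAMPLE_EXPORTS), sep="\n")
```

Which of the two subtree options to write for a flagged entry follows the man page guidance quoted above; the check only reports that the choice was left to the default.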


