My Original question was:
-----------------------------------------------------------------------
Dear managers,
Hopefully this is not an FAQ. I have the following problem:
System: SS2, sun4c, SUNOS 4.1.3 and
SS Classic, sun4m, SUNOS 4.1.3c
no NIS running (and we do not intend to run it)
host tables and Domain Name System.
Problem: several of our machines export directory structures via NFS
to more than 20 machines (All SUN's running 4.1.3).
Entries in /etc/exports look like this:
Files:
/etc/exports (@exporthost)
/dir1/dir2/dir3 -access=host1:host2:host3:host4:host5:host6:host7:host8:host9:host10:host11
But if the entry is longer than 80 columns
the directory will be exported to everyone. The exportfs
command and the showmount -e exporthost only state that the
directory is exported to the hosts in /etc/exports but I can
mount the directory from every other host which is not in this
list
This problem does not seem to occur if the entry in
/etc/exports is not longer than 1 line. In that case all
restrictions apply as required.
Solution which did not work:
I've installed the SUN NFS Jumbo Patch 100173-10, but the
problem remains.
Question:
Is there any patch or a solution for this problem?
I'll summarize.
Regards
Stephan Deutsch
-----------------------------------------------------------------------
Thank you for the great response, I recieved about 31 answers, which mostly
suggested to use netgroups :-)
mharris@jpmorgan.com (Michael Harris - Portfolio Stratification) pointed out
that the problem was rather one of more than 10 entries instead of 80 columns.
--------------------------------------
I don't believe the limitation is one of 80 columns but rather
there is a limit of 10 entries in an access list.
Fortunately, you can specify netgroups in access lists, so you
can have more than 10 hosts by specifying netgroups with many
hosts.
Its annoying at first, but the added level of indirection can
sometimes be helpful for organizing things.
HTH
mh
--------------------------------------
The solution is obviously to use netgroups. Unfortunately this solution proves
to need NIS. This is not mentioned in the manual page of netgroups, nor in the
manual page of rpc.mountd and exports. It is only mentioned in the printed SUN
documentation for 4.1.x on chapter about /etc/exports and you only get to know
if you are willing to buy SUN's printed docu for about xxxx$. Whatsoever if
you decide to use netgroups you have to install the SUN patch number 100296-04
which solves a 256 chars problem in *netgroups* and not in /etc/exports. But
you are not able to use netgroups if you are not running NIS.
A solution that might work for us and for all people who are not able to run
NIS on the whole network (fi: collisions with DNS or other systems, security
reasons etc.) is to run NIS on the export host only and to use netgroups.
BTW: I strongly recommend everybody who has not done it unitl now to install
the SUN NFS jumbo patch to solve the terrible security problems involved in
the unpatched NFS system of SUN OS 4.1.x.
patch number is: 100173-10
Best Regards
Stephan Deutsch
Thanks to:
glenn@uniq.com.au (Glenn Satchell - Uniq Professional Services)
"Michael R. Zika" <zika@fatman.tamu.edu>
Heas <heas@chpc.org>
gpr@proteon.com (Gary Richardson)
bernards@ECN.NL (Marcel Bernards)
Steinar Haug <Steinar.Haug@runit.sintef.no>
eckhard@ts.go.dlr.de (Eckhard Rueggeberg)
rlyle@nl.oracle.com (Rob Lyle UNIX Sys Admin)
Stefan Hein <hein@tubtmpo1.ee.tu-berlin.de>
bern@kleopatra.Uni-Trier.DE (Jochen Bern)
nagel@post.inf-wiss.ivp.uni-konstanz.de
mills@CC.UManitoba.CA
nagel@post.inf-wiss.ivp.uni-konstanz.de
cc_gucky@rcvie.co.at (Gerhard Holzer)
Dave Hightower <hightower@afwc.af.mil>
hushing@gdwest.gd.com (Sumner Hushing)
Rodney Campbell <rodney@cssc-syd.tansu.com.au>
leclerc@austin.nam.slb.com
Kai Grossjohann <grossjoh@petty.informatik.uni-dortmund.de>
pln@egret1.Stanford.EDU (Patrick L. Nolan)
djiracek@jupiter.fnbc.com (Dan Jiracek)
mike@trdlnk.chi.il.us (Michael Sullivan)
p.elliott@trl.OZ.AU (Paul Elliott)
mharris@jpmorgan.com (Michael Harris - Portfolio Stratification)
Ian MacPhedran <Ian_MacPhedran@engr.usask.ca>
nick@dsd.es.com (Nick Nickerson)
ebumfr@EBU.ericsson.se (Mike Rembis 66520)
erics@fsg.com (Eric Stone - Fusion New York)
penrod@whiplash.er.usgs.gov (Dan Penrod)
sjh@helicon.math.purdue.edu
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:08:24 CDT