SUMMARY: restricting NFS mounts using netgroups

From: Lloyd C. Cha (lccha@nb.rockwell.com)
Date: Tue Nov 02 1993 - 21:09:17 CST


I received two responses to my query ... one which pointed out the
typo in my message (see above), the other which suggested that NIS
might indeed be caching the old address. I haven't really had much
luck with this either.

Thanks to:
glenn@uniq.com.au (Glenn Satchell - Uniq Professional Services)
eckhard@ts.go.dlr.de (Eckhard Rueggeberg)

Original messages:
------------------
> I've been having problems using the NIS netgroup in restricting NFS
> mounts. My netgroup file has entries of the form:
>
> rock (oden.nb.rockwell.com,,) (oden,,rocknis)
>
> where rocknis is the name of our NIS domain. The /etc/exports file
> has this form:
>
> /disk1 -access=rock,root=sol,io,jove
Whoops ... this was a typo. Should be
     /disk1 -access=rock,root=sol:io:jove
>
> When I first set this up, everything seemed to run smoothly. However,
> problems arose when I had to add new hosts or change network addresses
> on existing hosts. The affected hosts would have trouble getting
> permission to mount the directories off the server even though they
> were included in the rock netgroup.
>
> We're running NIS with one master and about five slave servers. We
> have one primary and one secondary DNS server. All our network
> addresses are listed in the primary DNS database.
>
> The most frequent problems occur when moving a host from one subnet to
> another. This involves changing the entries (both address and reverse
> pointer) in the DNS database. The problem is less frequent when
> adding new hosts.
>
> My best guess is that somewhere the old reverse pointer address is
> being cached somewhere. But where? I've also tried restarting the
> mountd process on the server, re-exporting the directories (exportfs
> -u /disk1;exportfs -a), and rebuilding the netgroup list. So far no luck.

RESPONSE:
---------
From: glenn@uniq.com.au (Glenn Satchell - Uniq Professional Services)

ypserv seems to cache the old addresses for some period of time. You
could try killing and restarting ypserv on the NIS servers. Also do you
kill -HUP in.named on your DNS secondary to force it to re-read the new
DNS files, or do you just wait for it to download them by itself?

===========================================================================
lccha@nb.rockwell.com
lloyd.cha@nb.rockwell.com
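
An offline check for the failure suspected in the thread, added here as an illustration and not code from any of the posters: it parses the netgroup line from the post and tests whether a client's reverse-resolved name matches a host member. The addresses, lookup tables and function names are constructed, and it assumes the server identifies a client by reverse lookup before the netgroup match.

```python
import re

# Constructed sample data modelled on the post; the address and lookup
# tables are placeholders, not values from the original message.
NETGROUP_LINE = "rock (oden.nb.rockwell.com,,) (oden,,rocknis)"
FORWARD = {"oden.nb.rockwell.com": "192.0.2.10"}        # A record after the move
REVERSE_STALE = {"192.0.2.10": None}                     # new PTR not yet visible
REVERSE_FRESH = {"192.0.2.10": "oden.nb.rockwell.com"}   # PTR updated

def parse_netgroup(line):
    """Return (name, [(host, user, domain), ...]) for one netgroup line."""
    name, rest = line.split(None, 1)
    triples = [tuple(f.strip() for f in m.split(","))
               for m in re.findall(r"\(([^)]*)\)", rest)]
    bad = [t for t in triples if len(t) != 3]
    if bad:
        raise ValueError(f"malformed triple(s): {bad}")
    return name, triples

def host_in_netgroup(triples, host, nis_domain):
    """innetgr-style host match: an empty field is a wildcard."""
    for h, _user, d in triples:
        if h in ("", host) and d in ("", nis_domain):
            return True
    return False

def check_client(line, fqdn, forward, reverse, nis_domain):
    """Diagnose whether a client would match the netgroup by reverse name."""
    _name, triples = parse_netgroup(line)
    addr = forward.get(fqdn)
    if addr is None:
        return "no forward (A) record"
    ptr = reverse.get(addr)          # assumption: server does this lookup
    if ptr is None:
        return f"no reverse (PTR) record for {addr}"
    if ptr != fqdn:
        return f"PTR for {addr} is {ptr}, expected {fqdn}"
    short = ptr.split(".", 1)[0]
    if not (host_in_netgroup(triples, ptr, nis_domain)
            or host_in_netgroup(triples, short, nis_domain)):
        return f"{ptr} is not a member of the netgroup"
    return "ok"
```
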


