Path: utzoo!attcan!uunet!lll-winken!ames!ncar!husc6!rice!sun-spots-request From: phil@hypatia.rice.edu (William LeFebvre) Newsgroups: comp.sys.sun Subject: Grrr....exports stupidities under 4.0.1 Keywords: SunOS Message-ID: <4478.phil.hypatia@Rice> Date: 18 May 89 17:52:02 GMT Sender: usenet@rice.edu Organization: Sun-Spots Lines: 49 Approved: Sun-Spots@rice.edu X-Sun-Spots-Digest: Volume 7, Issue 299, message 5 of 13 Now it wouldn't be all that unusual to want to export a given partition as read-only to a whole bunch of machines and read-write to a small number of machines, would it? Let's see how difficult Sun makes it for us. Let's say that I have two netgroups: cs and ee. I also have a file system that I want all the cs machines to have read-write access to. But, some people in the ee group also need access to it. Since they only want to read from that partition, I'd like to set it up so they can't mount it read/write. This just makes me feel like I have more control over the systems I manage. Well, a quick glance at exports(5) leads me to use the following entry: /dir -ro,access=cs:ee,rw=cs "Hey, wow," I say, "this exports stuff is pretty simple to use." But woe is me when exportfs says "cs: unknown host." Closer scrutiny of exports(5) unearths the obscure but important fact that netgroups can *only* be used in the "access" option. Just for kicks I tried two separate entries for the same file system. As I suspected, it only paid attention to one of them. So what this boils down to is that you can only specify one set of netgroups per file system, and that entire set must have identical mount privileges. This does not sit well with me. Not in the least. And before some wise guy tells me that I can just list all the hosts I need in the "rw=" option ("rw=a:b:c:d:...") let me say that, in our case, there are almost 60 hosts in the cs netgroup, and it does change from time to time. I am *not* going to do that! I also see no provisions for wild-carding domain names, as in "*.cs.rice.edu", which would be an interesting alternative to those deprived of using netgroups. So there really is no way to have different mounting privileges for different netgroups. Maybe I'm weird, but I sure think that would be a useful feature (and not particularly hard, either). Gee, thanks Sun! William LeFebvre Sun-Spots moderator Department of Computer Science Rice University