Results 1 to 5 of 5

Thread: Can't restrict NFS share access to more than one IP in etc/exports using Yast - BUG or NOOB?

  1. #1
    Join Date
    Aug 2008
    Location
    Brazil
    Posts
    3,034

    Default Can't restrict NFS share access to more than one IP in etc/exports using Yast - BUG or NOOB?

    Yast's NFS server module help says:

    Host Wildcard character defines the hosts that can access the selected directory. It can be a single host, groups, wildcards or IP networks.
    If I enter two IP addresses (separated by a comma), Yast creates the following entries in /etc/exports:

    Code:
    /home/blimmer/share1 192.168.0.13(ro,root_squash,sync,no_subtree_check)
    /home/blimmer/share1 192.168.0.6(ro,root_squash,sync,no_subtree_check)
    Only the first IP can access the share, the second gives permission error.

    But if I manually edit /etc/exports joining both entries in one line, like shown in man exports example, like this:

    Code:
    /home/blimmer/share1 192.168.0.13(ro,root_squash,sync,no_subtree_check)  192.168.0.6(ro,root_squash,sync,no_subtree_check)
    then both boxes can access the share.

    Bug or I'm doing it wrong?

  2. #2
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    14,046
    Blog Entries
    3

    Default Re: Can't restrict NFS share access to more than one IP in etc/exports using Yast - BUG or NOOB?

    The Yast HELP does not mention a comma separated list. And it does refer you to the man page for exports. Personally, I manually edit "/etc/exports" for any tweaking.

    When Yast mentions groups, it is probably referring to NIS groups. I'm not using NIS, so I ignore that.
    openSUSE Leap 15.2; KDE Plasma 5.18.5;

  3. #3
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    3,199

    Default Re: Can't restrict NFS share access to more than one IP in etc/exports using Yast - BUG or NOOB?

    Quote Originally Posted by brunomcl View Post
    Bug or I'm doing it wrong?
    It's either a bug or, a feature …
    • YaST is possibly not conceived as being a tool for configuring multiple machines accessing any given NFS export point, filtered by their individual IP addresses.
    • I'm fairly sure that, YaST can configure wild-card IP address ranges to restrict access to any given NFS export point.

  4. #4
    Join Date
    Aug 2008
    Location
    Brazil
    Posts
    3,034

    Default Re: Can't restrict NFS share access to more than one IP in etc/exports using Yast - BUG or NOOB?

    Quote Originally Posted by nrickert View Post
    The Yast HELP does not mention a comma separated list. And it does refer you to the man page for exports. Personally, I manually edit "/etc/exports" for any tweaking.
    I tried the usual, comma and space delimited lists. Yast won't accept spaces, but it does recognize commas, so... And I did read the man page for exports, that's how I got it working.

    Editing /etc/exports is easy, but as I do it infrequently I never recall the (systemctl?) command to restart nfs, or if there are other processes to restart too, so yast is faster for me. Actually when I edit /etc/exports manually I usually run yast's nfs server module just to restart whatever is necessary. Inefficient, sure, but easier (for forgetful me).

    What occurred to me is if there is a setting in nfs clients, mountd or whatever, that allow multiple fstab entries for the same share, maybe it is disabled by default for some reason. Just idle speculation...

    Thank you for helping.

  5. #5
    Join Date
    Aug 2008
    Location
    Brazil
    Posts
    3,034

    Default Re: Can't restrict NFS share access to more than one IP in etc/exports using Yast - BUG or NOOB?

    Quote Originally Posted by dcurtisfra View Post
    It's either a bug or, a feature …
    • YaST is possibly not conceived as being a tool for configuring multiple machines accessing any given NFS export point, filtered by their individual IP addresses.
    • I'm fairly sure that, YaST can configure wild-card IP address ranges to restrict access to any given NFS export point.
    Feature!

    It's no big deal, really. A GUI front-end could hardly be expected to cover all command line settings options, and Yast is already great as it is.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •