Frank Thommen
2019-Mar-28 18:50 UTC
[CentOS] NFSv4: Using fsid=0 but *not* exporting the root filesystem
Hi,

I would like to use the NFSv4 ability to create a "root" filesystem with fsid=0, so that I don't have to refer to the whole path of the exported filesystem when I mount it. However I do *not* want this root filesystem to be mountable by any host. Is that possible and how?

E.g.

Filesystem:
  /exports/data1
  /exports/data2
  /exports/data3

/etc/exports:
  /exports         *(ro,no_subtree_check,fsid=0)
  /exports/data1   host1(rw)
  /exports/data2   host1(rw)
  /exports/data3   host2(rw)

host1 and host2 can mount fileserver:/ and access any of the dataN directories at least read-only. That is unwanted. I'd like /exports/data1 and /exports/data2 to be exclusively accessible by host1 and /exports/data3 by host2. But I'd still like to be able to mount e.g. as fileserver:/data1 instead of fileserver:/exports/data1.

I've searched around a lot and I have found the question several times, but no solution yet.

Cheers
frank
James Pearson
2019-Mar-29 11:56 UTC
[CentOS] NFSv4: Using fsid=0 but *not* exporting the root filesystem
Frank Thommen wrote:
>
> I would like to use the NFSv4 ability to create a "root" filesystem with
> fsid=0, so that I don't have to refer to the whole path of the exported
> filesystem when I mount it. However I do *not* want this root
> filesystem to be mountable by any host. Is that possible and how?
>
> E.g.
> Filesystem:
>   /exports/data1
>   /exports/data2
>   /exports/data3
>
> /etc/exports:
>   /exports         *(ro,no_subtree_check,fsid=0)
>   /exports/data1   host1(rw)
>   /exports/data2   host1(rw)
>   /exports/data3   host2(rw)
>
>
> host1 and host2 can mount fileserver:/ and access any of the dataN
> directories at least read-only. That is unwanted. I'd like
> /exports/data1 and /exports/data2 to be exclusively accessible by host1
> and /exports/data3 by host2. But I'd still like to be able to mount
> e.g. as fileserver:/data1 instead of fileserver:/exports/data1.
>
> I've searched around a lot and I have found the question several times,
> but no solution yet.

It appears to work for me ... host1 will still see data3 under the mount point - but its contents will be empty - similarly, host2 will see data1 and data2 under the mount point, but their contents will be empty

Or have I missed something ?

James Pearson
Frank Thommen
2019-Jun-12 18:45 UTC
[CentOS] NFSv4: Using fsid=0 but *not* exporting the root filesystem [solved]
On 3/29/19 12:56 PM, James Pearson wrote:
> Frank Thommen wrote:
>>
>> I would like to use the NFSv4 ability to create a "root" filesystem with
>> fsid=0, so that I don't have to refer to the whole path of the exported
>> filesystem when I mount it. However I do *not* want this root
>> filesystem to be mountable by any host. Is that possible and how?
>>
>> E.g.
>> Filesystem:
>>   /exports/data1
>>   /exports/data2
>>   /exports/data3
>>
>> /etc/exports:
>>   /exports         *(ro,no_subtree_check,fsid=0)
>>   /exports/data1   host1(rw)
>>   /exports/data2   host1(rw)
>>   /exports/data3   host2(rw)
>>
>>
>> host1 and host2 can mount fileserver:/ and access any of the dataN
>> directories at least read-only. That is unwanted. I'd like
>> /exports/data1 and /exports/data2 to be exclusively accessible by host1
>> and /exports/data3 by host2. But I'd still like to be able to mount
>> e.g. as fileserver:/data1 instead of fileserver:/exports/data1.
>>
>> I've searched around a lot and I have found the question several times,
>> but no solution yet.
>
> It appears to work for me ... host1 will still see data3 under the mount
> point - but its contents will be empty - similarly, host2 will see data1
> and data2 under the mount point, but their contents will be empty
>
> Or have I missed something ?
>
> James Pearson
>

[better late than never...]

You haven't missed anything and /we/ made a mistake: We hadn't realized that "fsid" relates to "real" filesystems and not just directories. We had this

  /storage  /exports  none  bind  0 0

in /etc/fstab, which made all individual shares (subdirectories of /storage) members of the same fsid and hence they had the same export settings applied. After changing the bind mounts to

  /storage/data1  /exports/data1  none  bind  0 0
  /storage/data2  /exports/data2  none  bind  0 0

all exports now work as expected.

Cheers
frank
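
An audit check for the mistake identified in this thread, added here as an example (not code from any poster): it flags export paths that lie below another export without a mount point of their own, the layout in which the thread reports the subdirectories sharing the parent's export settings. The export file mirrors the one in the thread; the mount-point lists, including a data3 bind mount, and all function names are constructed for illustration.

```python
import posixpath

# Constructed sample: the /etc/exports from the thread.
EXPORTS = """\
/exports         *(ro,no_subtree_check,fsid=0)
/exports/data1   host1(rw)
/exports/data2   host1(rw)
/exports/data3   host2(rw)
"""
# Constructed mount-point lists. BEFORE: one bind mount onto /exports.
# AFTER: one bind mount per share (data3 assumed to follow the same pattern).
MOUNTS_BEFORE = ["/", "/storage", "/exports"]
MOUNTS_AFTER = ["/", "/storage", "/exports/data1", "/exports/data2",
                "/exports/data3"]

def parse_exports(text):
    """Map each export path to its client specs (simple exports(5) lines only)."""
    exports = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            exports[posixpath.normpath(fields[0])] = fields[1:]
    return exports

def is_under(path, parent):
    """True if path is parent itself or lies below it."""
    return path == parent or path.startswith(parent.rstrip("/") + "/")

def mount_of(path, mount_points):
    """Deepest mount point containing path ("/" must be in mount_points)."""
    return max((m for m in mount_points if is_under(path, m)), key=len)

def shadowed_exports(exports_text, mount_points):
    """Return (child, parent, parent_clients) for every export that lies below
    another export with no mount point of its own separating the two."""
    exports = parse_exports(exports_text)
    findings = []
    for child in exports:
        for parent, clients in exports.items():
            if (child != parent and is_under(child, parent)
                    and mount_of(child, mount_points) == mount_of(parent, mount_points)):
                findings.append((child, parent, clients))
    return findings

if __name__ == "__main__":
    for label, mounts in (("before", MOUNTS_BEFORE), ("after", MOUNTS_AFTER)):
        print(label, shadowed_exports(EXPORTS, mounts))
```

On a live server the mount-point list would come from the mount table (for example the mount point column of /proc/self/mountinfo) and the export text from /etc/exports.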