From patchwork Fri May 20 13:38:14 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Pearson X-Patchwork-Id: 803302 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by demeter2.kernel.org (8.14.4/8.14.3) with ESMTP id p4KDcMeP022256 for ; Fri, 20 May 2011 13:38:22 GMT Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933755Ab1ETNiU (ORCPT ); Fri, 20 May 2011 09:38:20 -0400 Received: from mpc-26.sohonet.co.uk ([193.203.82.251]:58839 "EHLO moving-picture.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S933714Ab1ETNiR (ORCPT ); Fri, 20 May 2011 09:38:17 -0400 Received: from cassini.mpc.local ([172.16.15.37] helo=moving-picture.com) by moving-picture.com with esmtp (Exim 4.43) id 1QNPuB-00032X-51; Fri, 20 May 2011 14:38:15 +0100 Message-ID: <4DD66EC6.7090706@moving-picture.com> Date: Fri, 20 May 2011 14:38:14 +0100 From: James Pearson User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.6) Gecko/20040524 X-Accept-Language: en-us, en MIME-Version: 1.0 To: "J. Bruce Fields" CC: linux-nfs@vger.kernel.org Subject: Re: How to control the order of different export options for different client formats? References: <4DD2A084.1040905@moving-picture.com> <20110518080106.1159c5b8@notabene.brown> <4DD39D39.7010805@moving-picture.com> <20110518162050.GB16835@fieldses.org> In-Reply-To: <20110518162050.GB16835@fieldses.org> X-Disclaimer: This email and any attachments are confidential, may be legally X-Disclaimer: privileged and intended solely for the use of addressee. If you X-Disclaimer: are not the intended recipient of this message, any disclosure, X-Disclaimer: copying, distribution or any action taken in reliance on it is X-Disclaimer: strictly prohibited and may be unlawful. If you have received X-Disclaimer: this message in error, please notify the sender and delete all X-Disclaimer: copies from your system. X-Disclaimer: X-Disclaimer: Email may be susceptible to data corruption, interception and X-Disclaimer: unauthorised amendment, and we do not accept liability for any X-Disclaimer: such corruption, interception or amendment or the consequences X-Disclaimer: thereof. Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.2.6 (demeter2.kernel.org [140.211.167.43]); Fri, 20 May 2011 13:38:23 +0000 (UTC) J. Bruce Fields wrote: >>Having a priority option would be a very good idea - and may be in >>the meantime the exports man page should be updated with info about >>the current priority ordering? > > > Sounds good. Could you send in a patch? Here's an attempt - based on the info from Max Matveev earlier in this thread James Pearson to restrict access to clients using rpcsec_gss security. However, this --- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html --- exports.man.dist 2010-09-28 13:24:16.000000000 +0100 +++ exports.man 2011-05-20 14:29:45.555314605 +0100 @@ -92,6 +92,11 @@ '''.B \-\-public\-root '''option. Multiple specifications of a public root will be ignored. .PP +.SS Matched Client Priories +The order in which the different \fIMachine Name Formats\fR are matched +against clients is in the priority order: \fIhostname, IP address or networks, +wildcards, netgroup and anonymous\fR. Entries at the same level are matched +in the same order in which they appear in \fI/etc/exports\fR. .SS RPCSEC_GSS security You may use the special strings "gss/krb5", "gss/krb5i", or "gss/krb5p"