From patchwork Thu Jun 2 13:37:58 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Pearson X-Patchwork-Id: 843712 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by demeter2.kernel.org (8.14.4/8.14.3) with ESMTP id p52Dc7XM005141 for ; Thu, 2 Jun 2011 13:38:07 GMT Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752196Ab1FBNiB (ORCPT ); Thu, 2 Jun 2011 09:38:01 -0400 Received: from mpc-26.sohonet.co.uk ([193.203.82.251]:48631 "EHLO moving-picture.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1755555Ab1FBNiA (ORCPT ); Thu, 2 Jun 2011 09:38:00 -0400 Received: from hubble.mpc.local ([172.16.15.46] helo=moving-picture.com) by moving-picture.com with esmtp (Exim 4.43) id 1QS862-00074B-ML; Thu, 02 Jun 2011 14:37:58 +0100 Message-ID: <4DE79236.1080808@moving-picture.com> Date: Thu, 02 Jun 2011 14:37:58 +0100 From: James Pearson User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.6) Gecko/20040524 X-Accept-Language: en-us, en MIME-Version: 1.0 To: "J. Bruce Fields" CC: linux-nfs@vger.kernel.org Subject: Re: How to control the order of different export options for different client formats? References: <4DD2A084.1040905@moving-picture.com> <20110518080106.1159c5b8@notabene.brown> <4DD39D39.7010805@moving-picture.com> <20110518162050.GB16835@fieldses.org> <4DD66EC6.7090706@moving-picture.com> <20110520164147.GA11176@fieldses.org> In-Reply-To: <20110520164147.GA11176@fieldses.org> X-Disclaimer: This email and any attachments are confidential, may be legally X-Disclaimer: privileged and intended solely for the use of addressee. If you X-Disclaimer: are not the intended recipient of this message, any disclosure, X-Disclaimer: copying, distribution or any action taken in reliance on it is X-Disclaimer: strictly prohibited and may be unlawful. If you have received X-Disclaimer: this message in error, please notify the sender and delete all X-Disclaimer: copies from your system. X-Disclaimer: X-Disclaimer: Email may be susceptible to data corruption, interception and X-Disclaimer: unauthorised amendment, and we do not accept liability for any X-Disclaimer: such corruption, interception or amendment or the consequences X-Disclaimer: thereof. Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.2.6 (demeter2.kernel.org [140.211.167.43]); Thu, 02 Jun 2011 13:38:07 +0000 (UTC) J. Bruce Fields wrote: > > But could we just combine this with the previous section--and make sure > the different possibilities are listed there in the correct priority > order to start off with. > > That'd also mean adding a new subsection for the "anonymous" case. OK - how about the attached patch? James Pearson --- exports.man.dist 2010-09-28 13:24:16.000000000 +0100 +++ exports.man 2011-06-02 14:19:26.434486000 +0100 @@ -48,19 +48,6 @@ This is the most common format. You may specify a host either by an abbreviated name recognized be the resolver, the fully qualified domain name, or an IP address. -.IP "netgroups -NIS netgroups may be given as -.IR @group . -Only the host part of each -netgroup members is consider in checking for membership. Empty host -parts or those containing a single dash (\-) are ignored. -.IP "wildcards -Machine names may contain the wildcard characters \fI*\fR and \fI?\fR. -This can be used to make the \fIexports\fR file more compact; for instance, -\fI*.cs.foo.edu\fR matches all hosts in the domain -\fIcs.foo.edu\fR. As these characters also match the dots in a domain -name, the given pattern will also match all hosts within any subdomain -of \fIcs.foo.edu\fR. .IP "IP networks You can also export directories to all hosts on an IP (sub-) network simultaneously. This is done by specifying an IP address and netmask pair @@ -72,6 +59,25 @@ to the network base IPv4 address results in identical subnetworks with 10 bits of host. Wildcard characters generally do not work on IP addresses, though they may work by accident when reverse DNS lookups fail. +.IP "wildcards +Machine names may contain the wildcard characters \fI*\fR and \fI?\fR. +This can be used to make the \fIexports\fR file more compact; for instance, +\fI*.cs.foo.edu\fR matches all hosts in the domain +\fIcs.foo.edu\fR. As these characters also match the dots in a domain +name, the given pattern will also match all hosts within any subdomain +of \fIcs.foo.edu\fR. +.IP "netgroups +NIS netgroups may be given as +.IR @group . +Only the host part of each +netgroup members is consider in checking for membership. Empty host +parts or those containing a single dash (\-) are ignored. +.IP "anonymous +This is specified by a single +.I * +character (not to be confused with the +.I wildcard +entry above) and will match all clients. '''.TP '''.B =public '''This is a special ``hostname'' that identifies the given directory name @@ -92,6 +98,12 @@ '''.B \-\-public\-root '''option. Multiple specifications of a public root will be ignored. .PP +If a client matches more than one of the specifications above, then +the first match from the above list order takes precedence - regardless of +the order they appear on the export line. However, if a client matches +more than one of the same type of specification (e.g. two netgroups), +then the first match from the order they appear on the export line takes +precedence. .SS RPCSEC_GSS security You may use the special strings "gss/krb5", "gss/krb5i", or "gss/krb5p" to restrict access to clients using rpcsec_gss security. However, this