NFS share options

Hello,

I'm doing a Perl script to parse the dfstab file and find dangerous configurations (rw to everyone, root access, etc). My question is, if I have a share command like this:

share -F nfs -o ro=chrome:copper:zinc,root=chrome /usr/man

does it mean that /usr/man is "rw" to everyone (because "rw" isn't present), or does the "ro" overwrite the default "rw" option? I'm a little confused about these details; could someone shed some light?

Thanks.

An NFS share of rw isn't necessarily dangerous, as it may be appropriate for clients to write to servers. The user/group/read/write/execute attributes are still respected; however, you need to confirm that there is a one-to-one mapping for UIDs and GIDs between the server and all clients.

The "root=" means that the root from server chrome will be allowed root access to this share. This would typically be used for diskless clients.

Well, I think I was not explicit enough. With those share options, does it mean that /usr/man is rw to everyone due to the absence of rw in the options configuration? Or does the ro option overwrite the default rw behaviour? Is it the same having this:

share -F nfs -o ro=chrome:copper:zinc,root=chrome /usr/man

or this:

share -F nfs -o ro=chrome:copper:zinc,root=chrome,rw /usr/man

?

Never mind the other options, they're there just as an example.

A share is read/write unless the read-only option changes it.

                ro    Sharing will be read-only to all clients.

                ro=access_list
                      Sharing will be read-only  to  the  clients
                      listed  in  access_list;  overrides the  rw
                      suboption for the  clients  specified.  See
                      access_list below.

UNIX man pages : share_nfs (1M)

But does the order matter? For example:

share -F nfs -o rw=chrome,ro=chrome /usr/man

and

share -F nfs -o ro=chrome,rw=chrome /usr/man

I think in the 1st the ro overwrites the rw and in the 2nd vice versa. Right?

  1. Try it.

  2. It *may* be undefined behaviour; however, the doc says "ro" overrides "rw".

The most restrictive permissions apply, in this case it will be ro.
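
An added example, not written by anyone in this thread: a small dfstab audit in Python (the original poster's script is Perl) that applies the rules quoted above to the share lines discussed here. The finding codes, function names and the sample file are made up for illustration. It assumes that a share with only `ro=access_list` and no `rw` is not treated as read/write to everyone, and it reports a client listed in both `ro=` and `rw=` as a conflict rather than guessing which one wins.

```python
import shlex

# Constructed sample dfstab; the /usr/man option strings are the ones quoted in the thread.
SAMPLE_DFSTAB = """\
# constructed sample
share -F nfs -o ro=chrome:copper:zinc,root=chrome /usr/man
share -F nfs -o ro=chrome:copper:zinc,root=chrome,rw /usr/man
share -F nfs -o rw=chrome,ro=chrome /usr/man
share -F nfs -o ro -d "man pages" /usr/man
share -F nfs /export/home
"""

def parse_share(line):
    """Return (path, options) for a share line, or None for any other line."""
    tokens = shlex.split(line, comments=True)
    if not tokens or tokens[0] != "share":
        return None
    opts, path, i = {}, None, 1
    while i < len(tokens):
        if tokens[i] in ("-F", "-d"):            # flag plus argument, not audited
            i += 2
        elif tokens[i] == "-o" and i + 1 < len(tokens):
            for item in tokens[i + 1].split(","):
                name, _, value = item.partition("=")
                opts[name] = value.split(":") if value else []   # [] = bare option
            i += 2
        else:
            path, i = tokens[i], i + 1
    return path, opts

def audit(opts):
    """Return finding codes for one share's option dictionary."""
    findings = []
    if "ro" not in opts and "rw" not in opts:
        findings.append("RW_DEFAULT")            # nothing changes the read/write default
    elif opts.get("rw") == [] and opts.get("ro") != []:
        findings.append("RW_ALL")                # bare rw; only ro= clients are excluded
    # Assumption: ro=access_list alone (no rw) is not flagged as read/write to all.
    both = sorted(set(opts.get("ro", [])) & set(opts.get("rw", [])))
    if both:                                     # same client in ro= and rw=
        findings.append("RO_RW_CONFLICT:" + ":".join(both))
    if opts.get("root"):                         # root access granted to these hosts
        findings.append("ROOT:" + ":".join(opts["root"]))
    return findings

def audit_dfstab(text):
    shares = filter(None, map(parse_share, text.splitlines()))
    return [(path, audit(opts)) for path, opts in shares]

if __name__ == "__main__":
    for path, findings in audit_dfstab(SAMPLE_DFSTAB):
        print(path, findings or "ok")
```
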