SUMMARY: netgroup and dfstab file syntax to restrict file system access

From: Thomas Walter (tbw@katahdin.hunter.cuny.edu)
Date: Mon May 04 1998 - 16:03:20 CDT


Dear Sun Managers,

the original question was;

I am sharing a number of filesystems via NFS.
All machines are Sun's running Solaris 2.4, 2.5.1 and 2.6 and all are
running NIS. I want to restrict access
to only those workstations in my domain. The entry in /etc/netgroup is;

allhosts (,,deptgeo) deptgeo is our domain name established many years
                                                          ago.

The entry in /etc/dfs/dfstab is;

share -F nfs -o rw=allhosts /scratch

I have execduted the shareall command and the share command results in
this line;

- /scratch rw=allhosts ""

ypcat netgroup shows the following; (,,deptgeo)

I am still able to mount this filesystem on a machine outside the domain.
Any idea what I'm doing wrong?

===============================================================================

SOLUTION

I made an entry in /etc/netgroup as follows;

allmachines (machine1,,) (machine2,,) (machine3,,)

pushed the netgroup map

Made the following entry in /etc/dfs/dfstab

share -F nfs -o rw=allmachines /scratch

shared the filesystem with the shareall command

I then tried to mount this file system on a machine in
a different domain. Permission denied.

====================================================================================

Thanks to the following people who made suggestions;

Chris Cariffe
David Thorburn-Gundlach
Matthew Stier

==================================================================================

Thomas Walter
Director
Spatial Analysis and Remote Sensing (SPARS) Laboratory
Geography Department
Hunter College of the City University of New York
695 Park Avenue
New York, NY 10021

(212)772-5457 Office
(212)772-5268 Fax
tbwalter@everest.hunter.cuny.edu



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:12:39 CDT