Server Share Options


Solaris™ Operating Environment Boot Camp
By David Rhodes, Dominic Butler
Chapter 18.  NFS, DFS, and Autofs


The settings above have worked fine; the clients can see the data and access it OK. The only problem is that we have allowed every machine on the network to have read-write access to the whole of /data/remote_files, and everything below it. There may be a valid reason for this and it may be what we actually need, but let's look at how we can restrict machines and tighten security a little by specifying some share options for each resource.

We'll alter the settings so that only the machines that actually need access to a resource can get it. We'll also force the type of access they are allowed, where possible. For example, there is no point providing write access to read-only data, such as NFS-mounted manual pages.

Looking in /data/remote_files, we find there are a number of subdirectories, each of which is used by different machines on the network. Table 18.4 summarizes which clients will be allowed access to which directories, along with the level of access they are allowed. Again, we don't need to be concerned about the information that the subdirectories contain.

Table 18.4. Allowed Client Access

Directory                      Clients          Access Required
/data/remote_files/log         All machines     Read-only
/data/remote_files/general     Lithium, boron   Read-write
/data/remote_files/admin       Nitrogen         Read-only

To do this, we need to update the settings in /etc/dfs/dfstab. We'll remove the line that allowed access to everything and replace it with entries for each of the subdirectories instead. Each of these will also contain the correct options needed to achieve the access control. After making the changes to the configuration file, it will look like the one shown below:

 helium# cat /etc/dfs/dfstab
 <lines removed for clarity>
 share -F nfs -o ro               /data/remote_files/log
 share -F nfs -o rw=lithium:boron /data/remote_files/general
 share -F nfs -o ro=nitrogen      /data/remote_files/admin
 helium#

We can see from the file above that we've passed all the options in a comma-separated list to the "-o" argument. Let's look at the entries we have used:

  • ro (the resource is available to everyone, but with read-only access)

  • ro=nitrogen (the resource is available only to nitrogen, with read-only access)

  • rw=lithium:boron (the resource is available only to the named machines, but with read-write access)

Finally, we'll remove access to the top-level directory by unsharing everything and allow access to the subdirectories instead by rerunning the share command for the new information:

 helium# unshareall
 helium# shareall
 helium#
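
A check that can be run on the file before shareall, as an added example that is not from the book: it reads dfstab-format lines on standard input and labels each share RW-ALL, RO-ALL or RESTRICTED according to the ro/rw options described above. The function names and the first sample line (a share with no -o option, which share_nfs treats as read-write for all clients) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): classify the NFS shares in a dfstab.
# Reads dfstab-format lines on stdin, prints "<LEVEL> <path>" per share.
audit_dfstab() {
    awk '
    $1 != "share" { next }                    # skip comments and other lines
    {
        gsub(/"[^"]*"/, "DESC")               # collapse quoted -d descriptions
        opts = ""; path = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "-o")                    { opts = $(i + 1); i++ }
            else if ($i == "-F" || $i == "-d") { i++ }
            else if (path == "" && $i ~ /^\//) { path = $i }
        }
        if (path == "") next
        bare_rw = 0; bare_ro = 0; listed = 0
        n = split(opts, o, ",")
        for (j = 1; j <= n; j++) {
            if (o[j] == "rw")            bare_rw = 1   # rw for every client
            else if (o[j] == "ro")       bare_ro = 1   # ro for every client
            else if (o[j] ~ /^(rw|ro)=/) listed = 1    # access list present
        }
        # No ro/rw option at all falls back to the default: rw for everyone.
        if (bare_rw || (!bare_ro && !listed)) level = "RW-ALL"
        else if (bare_ro)                     level = "RO-ALL"
        else                                  level = "RESTRICTED"
        print level, path
    }'
}

# Constructed sample: a wide-open top-level share plus the three entries above.
sample_dfstab() {
    cat <<'EOF'
share -F nfs /data/remote_files
share -F nfs -o ro               /data/remote_files/log
share -F nfs -o rw=lithium:boron /data/remote_files/general
share -F nfs -o ro=nitrogen      /data/remote_files/admin
EOF
}

sample_dfstab | audit_dfstab
```

On the server the same function would be fed the real file, as in audit_dfstab < /etc/dfs/dfstab; any RW-ALL line is a share that still needs an access list.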




    Solaris Operating Environment Boot Camp
    ISBN: 0130342874
    Year: 2002
    Pages: 301
