Version 7 (modified by zequi, 4 years ago) (diff)



Access list should be read from left to rigth. List elements in an option (E.g. rw in sharenfs), are separated with colons (:) and the first option matched is chosen and no further elements are checked.

The following command allows specified hosts to access read-only while blocking access from anywhere.

root@seal:# zfs set sharenfs=ro=@ depot/gmeteo/DATA/ESGF/UNICAN-NODE

Spock client


  • Read only mount
  • User's UIDS/GIDS from seal do not exist in spock so we allow them map to 'nobody' since mapping them to 'esgfuser' does not improve anything at the moment. The UNICAN-NODE directory and it's child directories must have read and execute permissions for all users. ¿En seal las peticiones de spock se hacen comom usuario nobody?
[esgfuser@spock UNICAN-NODE]$ touch esgfu44
touch: cannot touch `esgfu44': Read-only file system

Operaciones a repetir:

  1. yum install nfs-utils autofs
  2. Añadir en /etc/idmap.conf "Domain = localdomain" sino coje
  3. Añadir linea a /etc/auto.master , crear /etc/auto.nfs4, arrancar servicio
  4. Replicar la estructura de directorios que usamos en el resto de equipos
[root@spock etc]# tail -n3 /etc/auto.master
/- /etc/auto.nfs4

[root@spock etc]# cat /etc/auto.nfs4
/vols/seal/oceano/gmeteo/DATA/ESGF/UNICAN-NODE      -fstype=nfs4           :/oceano/gmeteo/DATA/ESGF/UNICAN-NODE

[root@spock etc]# /etc/init.d/autofs start
Starting automount:                                        [  OK  ]

[root@spock etc]# chkconfig --list autofs
autofs          0:off   1:off   2:off   3:on    4:on    5:on    6:off

[root@spock oceano]# mkdir -p /vols/seal
[root@spock oceano]# mkdir -p /oceano/gmeteo/DATA/ESGF/
[root@spock oceano]# ln -s /vols/seal/oceano/gmeteo/DATA/ESGF/UNICAN-NODE/ /oceano/gmeteo/DATA/ESGF/

He comprobado que solo creando mi usuario en spock con mismo UID que seal sin hacer mas cambios la autenticacion de mi usuario funciona