Sharing the same location with two different sets of permissions over NFS

[Anonymouslemming]

Hi all,

I'm trying to setup a couple of NFS shares. I want to share the same system, but differently depending on which host is mounting it.

For one specific host, I want to map root to root. This is because this machine mounts the share and carries out cloning and backups so needs to be able to read files regardless of what permission the parent directory is set to.

All other hosts, I want root mapped to nobody so that local elevation attacks on the hosts don't give the user root against the FreeNAS hosted content.

Is there any way to do this ?

 

[L]

You can do this but has to be done manually .. Do you know how to edit files in shell?

 

[Anonymouslemming]

Yeah ... Do I just add an extra line to the exports file ?

Will this not be overwritten when I create / manage NFS shares in the future ?

Thanks,

 

[L]

Yes you should be able to just add root=IP address to options in exports all other ips will default to nobody

 

[Anonymouslemming]

Great - thanks!

 

[Anonymouslemming]

I've given that a try and it didn't work well. As soon as I edited a different share in the UI, /etc/exports was reverted and my changes were lost.

Any idea where I should be making this change ?

Thanks,

 

[dlavigne]

You could create a feature request asking for an "Auxiliary Parameters" field with this example as an example usage. Create the request at bugs.freenas.org and post the issue number here.