| Message ID | 4DE79236.1080808@moving-picture.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Thu, Jun 02, 2011 at 02:37:58PM +0100, James Pearson wrote: > J. Bruce Fields wrote: > > > >But could we just combine this with the previous section--and make sure > >the different possibilities are listed there in the correct priority > >order to start off with. > > > >That'd also mean adding a new subsection for the "anonymous" case. > > OK - how about the attached patch? Looks good to me, thanks. My one quibble is with the statement that "single host" "is the most common format". (I don't think we know that.) Fix that, and just resend with a brief changelog comment and a Signed-off-by: James Pearson <etc...> and steved should get around to applying it eventually.... --b. > > James Pearson > --- exports.man.dist 2010-09-28 13:24:16.000000000 +0100 > +++ exports.man 2011-06-02 14:19:26.434486000 +0100 > @@ -48,19 +48,6 @@ > This is the most common format. You may specify a host either by an > abbreviated name recognized be the resolver, the fully qualified domain > name, or an IP address. > -.IP "netgroups > -NIS netgroups may be given as > -.IR @group . > -Only the host part of each > -netgroup members is consider in checking for membership. Empty host > -parts or those containing a single dash (\-) are ignored. > -.IP "wildcards > -Machine names may contain the wildcard characters \fI*\fR and \fI?\fR. > -This can be used to make the \fIexports\fR file more compact; for instance, > -\fI*.cs.foo.edu\fR matches all hosts in the domain > -\fIcs.foo.edu\fR. As these characters also match the dots in a domain > -name, the given pattern will also match all hosts within any subdomain > -of \fIcs.foo.edu\fR. > .IP "IP networks > You can also export directories to all hosts on an IP (sub-) network > simultaneously. This is done by specifying an IP address and netmask pair > @@ -72,6 +59,25 @@ > to the network base IPv4 address results in identical subnetworks with 10 bits of > host. Wildcard characters generally do not work on IP addresses, though they > may work by accident when reverse DNS lookups fail. > +.IP "wildcards > +Machine names may contain the wildcard characters \fI*\fR and \fI?\fR. > +This can be used to make the \fIexports\fR file more compact; for instance, > +\fI*.cs.foo.edu\fR matches all hosts in the domain > +\fIcs.foo.edu\fR. As these characters also match the dots in a domain > +name, the given pattern will also match all hosts within any subdomain > +of \fIcs.foo.edu\fR. > +.IP "netgroups > +NIS netgroups may be given as > +.IR @group . > +Only the host part of each > +netgroup members is consider in checking for membership. Empty host > +parts or those containing a single dash (\-) are ignored. > +.IP "anonymous > +This is specified by a single > +.I * > +character (not to be confused with the > +.I wildcard > +entry above) and will match all clients. > '''.TP > '''.B =public > '''This is a special ``hostname'' that identifies the given directory name > @@ -92,6 +98,12 @@ > '''.B \-\-public\-root > '''option. Multiple specifications of a public root will be ignored. > .PP > +If a client matches more than one of the specifications above, then > +the first match from the above list order takes precedence - regardless of > +the order they appear on the export line. However, if a client matches > +more than one of the same type of specification (e.g. two netgroups), > +then the first match from the order they appear on the export line takes > +precedence. > .SS RPCSEC_GSS security > You may use the special strings "gss/krb5", "gss/krb5i", or "gss/krb5p" > to restrict access to clients using rpcsec_gss security. However, this -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
J. Bruce Fields wrote: > Looks good to me, thanks. > > My one quibble is with the statement that "single host" "is the most > common format". (I don't think we know that.) > > Fix that, and just resend with a brief changelog comment and a > > Signed-off-by: James Pearson <etc...> > > and steved should get around to applying it eventually.... The "This is the most common format" statement is in the existing exports man page - i.e. nothing to do with my patch ... However, I'll remove that statement as well and submit the patch James Pearson -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 06/02/2011 09:37 AM, James Pearson wrote: > J. Bruce Fields wrote: >> >> But could we just combine this with the previous section--and make sure >> the different possibilities are listed there in the correct priority >> order to start off with. >> >> That'd also mean adding a new subsection for the "anonymous" case. > > OK - how about the attached patch? > > James Pearson Committed.... steved. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
--- exports.man.dist 2010-09-28 13:24:16.000000000 +0100 +++ exports.man 2011-06-02 14:19:26.434486000 +0100 @@ -48,19 +48,6 @@ This is the most common format. You may specify a host either by an abbreviated name recognized be the resolver, the fully qualified domain name, or an IP address. -.IP "netgroups -NIS netgroups may be given as -.IR @group . -Only the host part of each -netgroup members is consider in checking for membership. Empty host -parts or those containing a single dash (\-) are ignored. -.IP "wildcards -Machine names may contain the wildcard characters \fI*\fR and \fI?\fR. -This can be used to make the \fIexports\fR file more compact; for instance, -\fI*.cs.foo.edu\fR matches all hosts in the domain -\fIcs.foo.edu\fR. As these characters also match the dots in a domain -name, the given pattern will also match all hosts within any subdomain -of \fIcs.foo.edu\fR. .IP "IP networks You can also export directories to all hosts on an IP (sub-) network simultaneously. This is done by specifying an IP address and netmask pair @@ -72,6 +59,25 @@ to the network base IPv4 address results in identical subnetworks with 10 bits of host. Wildcard characters generally do not work on IP addresses, though they may work by accident when reverse DNS lookups fail. +.IP "wildcards +Machine names may contain the wildcard characters \fI*\fR and \fI?\fR. +This can be used to make the \fIexports\fR file more compact; for instance, +\fI*.cs.foo.edu\fR matches all hosts in the domain +\fIcs.foo.edu\fR. As these characters also match the dots in a domain +name, the given pattern will also match all hosts within any subdomain +of \fIcs.foo.edu\fR. +.IP "netgroups +NIS netgroups may be given as +.IR @group . +Only the host part of each +netgroup members is consider in checking for membership. Empty host +parts or those containing a single dash (\-) are ignored. +.IP "anonymous +This is specified by a single +.I * +character (not to be confused with the +.I wildcard +entry above) and will match all clients. '''.TP '''.B =public '''This is a special ``hostname'' that identifies the given directory name @@ -92,6 +98,12 @@ '''.B \-\-public\-root '''option. Multiple specifications of a public root will be ignored. .PP +If a client matches more than one of the specifications above, then +the first match from the above list order takes precedence - regardless of +the order they appear on the export line. However, if a client matches +more than one of the same type of specification (e.g. two netgroups), +then the first match from the order they appear on the export line takes +precedence. .SS RPCSEC_GSS security You may use the special strings "gss/krb5", "gss/krb5i", or "gss/krb5p" to restrict access to clients using rpcsec_gss security. However, this