NFS deny access

Hello all,

I have an NFS Server where I want give access to a specific address to a
specific path.
Problem is that I have some other shares active which I do not want the
specific IP to not access it.

The /etc/exports looks like the following:

/nfs/Share1             10.10.*(rw)
/nfs/Share2             10.10.*(rw)

The client on the last line (IP I'd like to exclude from
mounting the first two shares.

How can I do this? 'man exports' does not give any hint if this is possible.



Re: NFS deny access

By James Pearson at 01/09/2019 - 10:10

Thomas Plant via CentOS wrote:
I don't know of an option to exclude a single host - but you might be
able to do something clever with the 'refer' option ...

BTW, the export man page says that you shouldn't use wildcards in IP
network addresses - i.e. instead of exporting to '10.10.*', you should
use ''

So something like the following may work:

/nfs/Share1,refer=/ ... at 127 dot 0.0.1)
/nfs/Share2,refer=/ ... at 127 dot 0.0.1)

The above _should_ cause the client at to attempt to mount
"/dummy" from itself when it tries to mount either /nfs/Share1 or
/nfs/Share2 from the server - and if "/dummy" isn't exported from itself
(or if NFS isn't running), then the mount will fail ...

However, I believe the refer= option is NFSv4 only - so if the client
attempts an NFSv3 mount, it will successfully mount from the server (and
not use the refer mount point) - i.e. to make sure this doesn't happen,
you will need to disable NFSv3 (and NFSv2) access - e.g see:

<a href="" title=""></a>

However, the above is all a bit messy - so I would be interested if you
come across a simpler way of achieving this ...

James Pearson