Wed Mar 27 00:46:17 2024 UTC (68d)
exports(5): Revert warning about `-ro' on read/write file systems.

Looks like the nfs server does enforce that after all, in spite of
the rather oblique commentary in the BUGS section about export
options being tied to local mount point options with which they must
be noncontradictory.

And there's no reason in principle it shouldn't enforce this -- it
just needs to block various file system _operations_, rather than the
subtree issue where the criteria for evaluating whether operations
are allowed on particular _file handles_ are too painful to
contemplate.

PR misc/58063


(riastradh)
diff -r1.33 -r1.34 src/usr.sbin/mountd/exports.5


--- src/usr.sbin/mountd/exports.5 2024/03/26 23:32:43 1.33
+++ src/usr.sbin/mountd/exports.5 2024/03/27 00:46:17 1.34
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1.\" $NetBSD: exports.5,v 1.33 2024/03/26 23:32:43 riastradh Exp $ 1.\" $NetBSD: exports.5,v 1.34 2024/03/27 00:46:17 riastradh Exp $
2.\" 2.\"
3.\" Copyright (c) 1989, 1991, 1993 3.\" Copyright (c) 1989, 1991, 1993
4.\" The Regents of the University of California. All rights reserved. 4.\" The Regents of the University of California. All rights reserved.
5.\" 5.\"
6.\" Redistribution and use in source and binary forms, with or without 6.\" Redistribution and use in source and binary forms, with or without
7.\" modification, are permitted provided that the following conditions 7.\" modification, are permitted provided that the following conditions
8.\" are met: 8.\" are met:
9.\" 1. Redistributions of source code must retain the above copyright 9.\" 1. Redistributions of source code must retain the above copyright
10.\" notice, this list of conditions and the following disclaimer. 10.\" notice, this list of conditions and the following disclaimer.
11.\" 2. Redistributions in binary form must reproduce the above copyright 11.\" 2. Redistributions in binary form must reproduce the above copyright
12.\" notice, this list of conditions and the following disclaimer in the 12.\" notice, this list of conditions and the following disclaimer in the
13.\" documentation and/or other materials provided with the distribution. 13.\" documentation and/or other materials provided with the distribution.
14.\" 3. Neither the name of the University nor the names of its contributors 14.\" 3. Neither the name of the University nor the names of its contributors
@@ -164,53 +164,34 @@ If a @@ -164,53 +164,34 @@ If a
164.Fl mapall 164.Fl mapall
165option is given, 165option is given,
166all users (including root) will be mapped to that credential in 166all users (including root) will be mapped to that credential in
167place of their own. 167place of their own.
168.Pp 168.Pp
169The 169The
170.Fl kerb 170.Fl kerb
171option specifies that the Kerberos authentication server should be 171option specifies that the Kerberos authentication server should be
172used to authenticate and map client credentials. 172used to authenticate and map client credentials.
173This option is currently not implemented. 173This option is currently not implemented.
174.Pp 174.Pp
175The 175The
176.Fl ro 176.Fl ro
177option should be specified for filesystems that are read-only (default 177option specifies that the filesystem should be exported read-only
178is to assume read/write). 178(default read/write).
179The option 179The option
180.Fl o 180.Fl o
181is a synonym for 181is a synonym for
182.Fl ro 182.Fl ro
183in an effort to be backward compatible with older export file formats. 183in an effort to be backward compatible with older export file formats.
184.Pp 184.Pp
185.Bf -symbolic 
186Warning: 
187Exporting a read/write filesystem with 
188.Fl ro 
189.Em does not 
190prevent clients from writing to it. 
191.Ef 
192To prevent clients from writing to a filesystem, it must be mounted 
193read-only 
194.Em on the server 
195in the first place. 
196To export a read/write filesystem so clients can only read from it, not 
197write to it, you can mount a read-only nullfs from the filesystem with 
198.Xr mount_null 8 
199using the 
200.Fl o Cm ro 
201option, and then export the read-only nullfs instead. 
202See also caveats about nullfs namespace below. 
203.Pp 
204The 185The
205.Fl noresvport 186.Fl noresvport
206option specifies that NFS RPC calls for the filesystem do not have to come 187option specifies that NFS RPC calls for the filesystem do not have to come
207from reserved ports. 188from reserved ports.
208Normally, clients are required to use reserved ports for operations. 189Normally, clients are required to use reserved ports for operations.
209Using this option decreases the security of your system. 190Using this option decreases the security of your system.
210.Pp 191.Pp
211The 192The
212.Fl noresvmnt 193.Fl noresvmnt
213option specifies that mount RPC requests for the filesystem do not have 194option specifies that mount RPC requests for the filesystem do not have
214to come from reserved ports. 195to come from reserved ports.
215Normally, clients are required to use reserved ports for mount requests. 196Normally, clients are required to use reserved ports for mount requests.
216Using this option decreases the security of your system. 197Using this option decreases the security of your system.
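Review bot: The replacement wording at new lines 177-178, "specifies that the filesystem should be exported read-only", reads as advice to the administrator and does not say that the server enforces it. The commit message states that the NFS server does enforce -ro by blocking file system operations, so the page should say so directly, for example "specifies that the filesystem is exported read-only; write operations from clients are refused". Readers who saw the 1.33 warning need to be able to tell from the page itself that the guarantee holds. The removed paragraph was also the only place in this section that pointed to the nullfs caveats below; if the nullfs workaround is no longer recommended for this purpose, that is fine, but it is worth confirming that nothing else on the page still refers to it.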
@@ -414,27 +395,27 @@ The default remote mount-point file. @@ -414,27 +395,27 @@ The default remote mount-point file.
414.%U https://datatracker.ietf.org/doc/html/rfc1813#section-5.0 395.%U https://datatracker.ietf.org/doc/html/rfc1813#section-5.0
415.Re 396.Re
416.Sh CAVEATS 397.Sh CAVEATS
417Don't re-export NFS-mounted filesystems unless you are sure of the 398Don't re-export NFS-mounted filesystems unless you are sure of the
418implications. 399implications.
419NFS has some assumptions about the characteristics of the file 400NFS has some assumptions about the characteristics of the file
420systems being exported, e.g. when timestamps are updated. 401systems being exported, e.g. when timestamps are updated.
421Re-exporting should work to some extent and can even be useful in 402Re-exporting should work to some extent and can even be useful in
422some cases, but don't expect it works as well as with local file 403some cases, but don't expect it works as well as with local file
423systems. 404systems.
424.Pp 405.Pp
425.Pp 406.Pp
426Filesystems that provide a namespace for a subtree of another 407Filesystems that provide a namespace for a subtree of another
427filesystem such as nullfs  408filesystem such as nullfs
428.No ( Xr mount_null 8 ) 409.No ( Xr mount_null 8 )
429and umapfs 410and umapfs
430.No ( Xr mount_umap 8 ) 411.No ( Xr mount_umap 8 )
431.Em do not 412.Em do not
432restrict 413restrict
433.Tn NFS 414.Tn NFS
434clients to that namespace, so they cannot be used to securely limit 415clients to that namespace, so they cannot be used to securely limit
435.Tn NFS 416.Tn NFS
436clients to a subtree of a filesystem. 417clients to a subtree of a filesystem.
437If you want to export one subtree and prevent access to other subtrees, 418If you want to export one subtree and prevent access to other subtrees,
438the exported subtree must be on its own filesystem on the server. 419the exported subtree must be on its own filesystem on the server.
439.Sh BUGS 420.Sh BUGS
440The export options are tied to the local mount points in the kernel and 421The export options are tied to the local mount points in the kernel and
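Review bot: The BUGS paragraph starting at new line 421 is left unchanged, yet the commit message names its "rather oblique commentary" about export options being tied to local mount point options as the source of the confusion behind the reverted warning. Consider clarifying that paragraph in this change or a follow-up, stating which options must be noncontradictory and that -ro is enforced regardless, so the same misreading does not recur. Separately, the only edit in this hunk is a trailing-whitespace removal at old line 427, which is unrelated to the revert, and the duplicated .Pp at new lines 405-406 is still there; if cosmetic cleanup is in scope, drop one of the two .Pp macros as well.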