<div class="socmaildefaultfont" dir="ltr" style="font-family:Arial, Helvetica, sans-serif;font-size:10.5pt" ><div dir="ltr" >>> /gpfs/filesystem1/directory1/sub-directory1 is exported to client2 as read-write.</div>
<div dir="ltr" >>> client2 is not included in the export for /gpfs/filesystem1/directory1.</div>
<div dir="ltr" >>> Mounting /gpfs/filesystem1/directory1/sub-directory1 on client2 does not work and results in a permission denied</div>
<div dir="ltr" > </div>
<div dir="ltr" >Any NFSv4 implementation needs to traverse the pseudo path for being able to mount an export. One would expect "client2" to traverse over /gpfs/filesystem1/directory1/ but not list its content/other files. I strongly think this is a bug in Ganesha implementation, it is probably looking at the real-export object than the pseudo-object for permission checking.</div>
<div dir="ltr" > </div>
<div dir="ltr" >One option is to change the Pseudo file system layout. For example, "/gpfs/client2" as "Pseudo" option for export with path " /gpfs/filesystem1/directory1/sub-directory1". This is directly not possible with Spectrum CLI command mmnfs unless you are using the latest and greatest ("mmnfs export add" usage would show if it supports Pseudo option). Of course, you can manually do it (using CCR) as Ganesha itself allows it.</div>
<div dir="ltr" > </div>
<div dir="ltr" >Yes, NFSv3 has no pseudo traversal, it should work.</div>
<div dir="ltr" > </div>
<div dir="ltr" >Regards, Malahal.</div>
<blockquote data-history-content-modified="1" data-history-expanded="1" dir="ltr" style="border-left:solid #aaaaaa 2px; margin-left:5px; padding-left:5px; direction:ltr; margin-right:0px" >----- Original message -----<br>From: "Dietrich, Stefan" <stefan.dietrich@desy.de><br>Sent by: gpfsug-discuss-bounces@spectrumscale.org<br>To: gpfsug-discuss@spectrumscale.org<br>Cc:<br>Subject: [gpfsug-discuss] Nested NFSv4 Exports<br>Date: Thu, Oct 25, 2018 5:52 PM<br>
<div><font face="Default Monospace,Courier New,Courier,monospace" size="2" >Hi,<br><br>I am currently fiddling around with some nested NFSv4 exports and the differing behaviour to NFSv3.<br>The environment is a GPFS 5.0.1 with enabled CES, so Ganesha is used as the NFS server.<br><br>Given the following (pseudo) directory structure:<br><br>/gpfs/filesystem1/directory1<br>/gpfs/filesystem1/directory1/sub-directory1<br>/gpfs/filesystem1/directory1/sub-directory2<br><br>Now to the exports:<br>/gpfs/filesystem1/directory1 is exported to client1 as read-only.<br>/gpfs/filesystem1/directory1/sub-directory1 is exported to client2 as read-write.<br><br>client2 is not included in the export for /gpfs/filesystem1/directory1.<br><br>Mounting /gpfs/filesystem1/directory1 on client1 works as expected.<br>Mounting /gpfs/filesystem1/directory1/sub-directory1 on client2 does not work and results in a permission denied.<br>If I change the protocol from NFSv4 to NFSv3, it works.<br><br>There is a section about nested NFS exports in the mmnfs doc:<br>Creating nested exports (such as /path/to/folder and /path/to/folder/subfolder) is strongly discouraged since this might lead to serious issues in data consistency. Be very cautious when creating and using nested exports.<br>If there is a need to have nested exports (such as /path/to/folder and /path/to/folder/inside/subfolder), NFSv4 client that mounts the parent (/path/to/folder) export will not be able to see the child export subtree (/path/to/folder/inside/subfolder) unless the same client is explicitly allowed to access the child export as well. This is okay as long as the client uses only NFSv4 mounts.<br><br>The Linux kernel NFS server and other NFSv4 servers do not show this behaviour.<br>Is there a way to bypass this with CES/Ganesha? Or is the only solution to add client2 to /gpfs/filesystem1/directory1?<br><br>Regards,<br>Stefan<br><br>--<br>------------------------------------------------------------------------<br>Stefan Dietrich Deutsches Elektronen-Synchrotron (IT-Systems)<br> Ein Forschungszentrum der Helmholtz-Gemeinschaft<br> Notkestr. 85<br>phone: +49-40-8998-4696 22607 Hamburg<br>e-mail: stefan.dietrich@desy.de Germany<br>------------------------------------------------------------------------<br>_______________________________________________<br>gpfsug-discuss mailing list<br>gpfsug-discuss at spectrumscale.org<br><a href="http://gpfsug.org/mailman/listinfo/gpfsug-discuss" target="_blank">http://gpfsug.org/mailman/listinfo/gpfsug-discuss</a></font><br> </div></blockquote>
<div dir="ltr" > </div></div><BR>