How to share ZFS over NFS in OpenSolaris 2009.06

It might be strange, but sharing a ZFS file system over NFS in OpenSolaris can be tricky. The reason is that not all mechanisms that one might expect to work  actually work on ZFS file systems in all cases.

There are many ways to share a file system over NFS:

  1. System -> Administration -> Shared Folders - starts a graphical tool to create a share (Note: if you install OSOLvpanels-sharemgr package, the started application will be very different and more advanced)
  2. share command (see share(1M) man page)
  3. zfs command (see zfs(1M) man page) - works only on zfs datasets

Now to explain the tricky part. When I share a zfs dataset using 1) or 2) it works only if I don't specify any security attributes. As an example let's share /test directory that is backed up by a pool/test ZFS dataset. The share command now returns:

# share 
-               /test   rw   "Test"

All is fine and the /test directory is mountable by the remote hosts. Now for security reasons, I want to restrict the access to my private network subnet. If I do that using the 1) or 2) the output of the share commands get changed to following:

# share
-               /test   sec=sys,rw=@172.20.15.0/24 "Test"

While the output seems to be correct, none of the hosts on the 172.20.15.0/24 subnet can mount the /test folder with a message saying permission denied by server. This doesn't seem right. So let's try to share the /test using method 3) the zfs command:

# zfs set sharenfs=rw=@172.20.15.0/24 pool/test
# share
-@pool/test    /test    sec=sys,rw=@172.20.15.0/24   ""

Notice the difference in the share outputs, it now contains the @pool/test and surprisingly hosts can again mount /test and the access is restricted only to my private subnet. I've enter an OpenSolaris bug for that. Let's see when it gets some attention.

For now share ZFS filesystems over NFS with the zfs command.

Comments:

Welcome to the party, this feature has been in place for only 4 years since the first release of ZFS.

Posted by Anantha on June 24, 2009 at 06:18 AM CEST #

Not sure if you read the blog post completely. It's not about the using zfs to share a folder, but rather about the fact that other means do not work and I expect them to. Is it not strange to you that the share command works only when the security is off? If not, I'd appreciate your insights.

Posted by Lubomir Petrik on June 24, 2009 at 10:37 AM CEST #

Sometimes it is good to know that it's not only me wondering about such things. I guess people didn't notice that misbehavior as they just used the ZFS commands and that's it...

Posted by Stargazer on December 24, 2009 at 01:19 AM CET #

The new/modified share and sharemgr man pages are underdocumented. It's so complicated they can't even have examples in them. Here's an example of trying to share NFS under ZFS (snv_147):

#zfs list |grep rpool/n
rpool/n 67.2G 788G 67.2G /n
# share set sharenfs=rw=@10.0.0/24 rpool/n
Could not share: set: operation not allowed

Posted by Dan on September 19, 2010 at 04:29 PM CEST #

Post a Comment:
  • HTML Syntax: NOT allowed
About

Lubomir Petrik

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today