By Lubomir Petrik on Jun 23, 2009
It might be strange, but sharing a ZFS file system over NFS in OpenSolaris can be tricky. The reason is that not all mechanisms that one might expect to work actually work on ZFS file systems in all cases.
There are many ways to share a file system over NFS:
1) System -> Administration -> Shared Folders - starts a graphical tool to create a share (Note: if you install the OSOLvpanels-sharemgr package, the application that starts will be very different and more advanced)
2) share command (see the share(1M) man page)
3) zfs command (see the zfs(1M) man page) - works only on ZFS datasets
Now to explain the tricky part. When I share a ZFS dataset using 1) or 2), it works only if I don't specify any security attributes. As an example, let's share the /test directory, which is backed by the pool/test ZFS dataset. The share command now returns:
    # share
    -               /test   rw   "Test"
All is fine and the /test directory is mountable by remote hosts. Now, for security reasons, I want to restrict access to my private network subnet. If I do that using 1) or 2), the output of the share command changes to the following:
    # share
    -               /test   sec=sys,rw=@172.20.15.0/24   "Test"
While the output seems to be correct, none of the hosts on the 172.20.15.0/24 subnet can mount the /test folder; they get a message saying permission denied by server. This doesn't seem right. So let's try to share /test using method 3), the zfs command:
    # zfs set sharenfs=rw=@172.20.15.0/24 pool/test
    # share
    -@pool/test     /test   sec=sys,rw=@172.20.15.0/24   ""
Notice the difference in the share output: it now contains @pool/test and, surprisingly, hosts can again mount /test and access is restricted to my private subnet only. I've entered an OpenSolaris bug for that. Let's see when it gets some attention.
For now, share ZFS file systems over NFS with the zfs command.
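As a follow-up check, the added script below (an example written for this page, not part of the original post or of OpenSolaris) reads `share` output and sorts each NFS share into the three cases described above: no host access list, an access list set outside of zfs (no `@dataset` in the first column), and an access list set through the zfs `sharenfs` property. The column layout is assumed from the outputs shown in the post; the sample lines, the paths /export/open and /export/gui, and the `rw=@172.20.15.0/24` access list form are constructed for the example.

```shell
#!/bin/sh
# Constructed sample of `share` output, modelled on the three outputs in the post.
sample_share_output() {
    cat <<'EOF'
-               /export/open   rw   "Test"
-               /export/gui    sec=sys,rw=@172.20.15.0/24   "Test"
-@pool/test     /test          sec=sys,rw=@172.20.15.0/24   ""
EOF
}

# Reads `share` output on stdin and prints one finding per share.
# Assumed columns: <resource> <path> <options> "<description>"
audit_shares() {
    awk '
    NF < 3 || $1 == "#" { next }    # skip blank lines and pasted prompt lines
    {
        res = $1; path = $2; opts = $3
        # An access list is present when rw= or ro= carries a host/network value.
        restricted = (opts ~ /(^|,)(rw|ro)=/)
        # Shares published through the zfs sharenfs property carry -@dataset.
        zfs_managed = (res ~ /^-@/)
        if (!restricted)
            print "OPEN " path " (" opts "): no host access list, any client may mount"
        else if (!zfs_managed)
            print "CHECK " path " (" opts "): access list set outside zfs, test a client mount"
        else
            print "OK " path " (" opts "): access list set via zfs sharenfs on " substr(res, 3)
    }'
}

# Demo run on the constructed sample; on a live host use: share | audit_shares
sample_share_output | audit_shares
```

A `CHECK` line marks the configuration the post reports as failing with permission denied, so confirm from a client on the allowed subnet that the mount succeeds and from a host outside it that the mount is refused.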