Bug #1012
closed
cifs-shares are also exported via nfs without being configured therefor
100%
Description
1. create a dataset as cifs-share
2. set sharesmb=name=test (cifs should work now)
3. svcadm enable -r nfs/server
=> dfshares will show your cifs shares, because they are now also exported via nfs without any restrictions
=> every nfs capable client in your network is now able to bypass any restrictions on your shares
Updated by Rich Lowe almost 12 years ago
The problem is sharemgr (or libshare, perhaps). When the nfs/server start method does 'sharemgr start -P nfs -a', it really does start sharing all shares on NFS. sharemgr seems convinced that something else is doing the "is this share appropriate to this protocol" check, but nothing that I can find is. libshare probably shouldn't, as from its point of view it's being asked to share 'foo' on NFS, and is just doing so. It seems that sharemgr should be where this is actually checked.
The most conservative place to check would be sa_enable_group before adding to worklist, less conservative places in descending order are enable_all_groups and enable_group, the latter may not actually catch every case.
Updated by Rich Lowe almost 12 years ago
It seems like enable_group should get a has_protocol() check similar to disable_group's.
I'm not sure if that's sufficient (can protocols be set at the share level, rather than the group?)
Updated by Rich Lowe almost 12 years ago
- Assignee set to Rich Lowe
- Tags deleted (
needs-triage)
Updated by Rich Lowe almost 12 years ago
- Status changed from New to Resolved
- % Done changed from 0 to 100
Resolved in r13371 commit:ac51c74a855d