Prev 1 2 3 4 5 Next

Step Two: Define /exports in NetInfo

Start NetInfo Manager. Open a Finder window, open the Applications folder, then open the Utilities folder. Double-click NetInfo Manager.

There is a little padlock in the lower-lefthand corner. Click it. When prompted, type the password for your administrative account. The padlock will swing open, indicating that you can now make changes.

First, let’s create the /exports properties directory. If your computer does not already have an exports entry, then select the / entry in the leftmost pane and then click the New button right above it. You'll see a “new directory” entry appear, with a single property, “name,” whose value is “new directory.” In the property list, double-click on “new directory” and type “exports” (no slash!) in its place. Hit cmd-S to save your changes, and confirm that you want to do so when the dialog box pops up. Now, select the export directory.

In this example, I’m going to show you how to set up your computer to share your /Users directory over NFS, but only inside a private network—all mount requests from computers whose addresses do not match will be rejected. If your network addresses are different, then you should adjust what follows to suit.

IMPORTANT: you can generally define only one kind of access control per /exports entry, and the order in which they are processed matters. mountd will read the generated /etc/exports file and build a mapping of who is allowed to mount what directory, and what kinds of access will be granted once the mount is permitted. The example that follows shows three entries that all apply to the exported /Users disk directory, and which are added together—an address matching any of the entries will be granted read/write access (provided that user and group permissions on your computer allow that). You can certainly define other shares for your computer if you wish, and there are a large number of options that you can apply to them. Type “man mountd” and “man exports” in a Terminal window for more information.

First, I grant access to any client whose IP address matches 192.168.168. I do this by creating a new NetInfo property directory named “Users1” via the New button. Then I add properties to it by selecting the New Property menu item from the Directory menu in the menu bar. I change the property names by double-clicking on them and typing new names, and I do the same for the property values. When I’m done, I have something that looks like this (-mask is set to 255.255.255.0, but is truncated in the picture):


I do the same thing for Users2, allowing clients matching 172.17 to mount my share:


and again for Users3, allowing clients matching 10. to mount my share:


Note that these three entries apply access controls to the exact same physical directory on my local computer. The controls are added together in this case, allowing clients from any of the three networks to mount my share. The entries are processed in sort order (i.e. the same way they would be sorted by the sort command in the Terminal), so take care when naming them so that they get processed in the order that you want.

Save your work via cmd-S, and proceed to the next step.

Prev 1 2 3 4 5 Next

$Date: 2007/01/11 08:47:54 $