Managing Network File Systems in Oracle® Solaris 11.2

Exit Print View

Updated: July 2014

Disabling Autofs Browsability

The default version of /etc/auto_master that is installed has the –nobrowse option added to the entries for /home and /net. In addition, the upgrade procedure adds the –nobrowse option to the /home and /net entries in /etc/auto_master if these entries have not been modified. However, you might have to make these changes manually or to turn off browsability for site-specific autofs mount points after the installation.

This section describes how to turn off the browsability feature for a single client, all clients, and a selected file system.

How to Completely Disable Autofs Browsability on a Single NFS Client

  1. Become an administrator on the NFS client.

    For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2 .

  2. Change the autofs SMF configuration parameter.
    # sharectl set -p nobrowse=TRUE autofs
  3. Restart the autofs service.
    # svcadm restart system/filesystem/autofs

How to Disable Autofs Browsability for All Clients

To disable browsability for all clients, you must employ a name service such as NIS. Otherwise, you need to manually edit the automounter maps on each client. In this example, the browsability of the /home directory is disabled. You must follow this procedure for each indirect autofs node that needs to be disabled.

  1. Add the –nobrowse option to the /home entry in the name service auto_master file.
    /home     auto_home     -nobrowse
  2. Run the automount command on all clients to make the new behaviour effective.

    The new behavior also becomes effective after a reboot.

    # /usr/sbin/automount

How to Disable Autofs Browsability on a Selected File System

In this example, browsability of the /net directory is disabled. You can use the same procedure for /home or any other autofs mount points.

  1. Verify the search order for the automount naming services.

    The config/automount property in the name-service/switch service shows the search order for the automount information.

    # svcprop -p config svc:/system/name-service/switch
    config/value_authorization astring
    config/printer astring user\ files
    config/default astring files\ nis
    config/automount astring files\ nis

    The last entry shows that local automount files are searched first and then the NIS service is checked. The config/default entry specifies the search order for all naming information not specifically listed.

  2. Check the position of the +auto_master entry in /etc/auto_master.

    For additions to the local files to have precedence over the entries in the namespace, the +auto_master entry must be moved to follow /net.

    # Master map for automounter
    /net    -hosts     -nosuid
    /home   auto_home
    /nfs4    -fedfs     -ro,nosuid,nobrowse

    A standard configuration places the +auto_master entry at the top of the file, which prevents any local changes from being used.

  3. Add the –nobrowse option to the /net entry in the /etc/auto_master file.
    /net     -hosts     -nosuid,nobrowse
  4. On all clients, run the automount command.

    The new behavior becomes effective after running the automount command on the client systems or after a reboot.

    # /usr/sbin/automount