Go to main content

Managing Network File Systems in Oracle® Solaris 11.4

Exit Print View

Updated: August 2021
 
 

Disabling Autofs Browsability

The default version of /etc/auto_master that is installed has the –nobrowse option added to the entries for /home and /net. In addition, the upgrade procedure adds the –nobrowse option to the /home and /net entries in /etc/auto_master if these entries have not been modified. However, you might have to make these changes manually or to turn off browsability for site-specific autofs mount points after the installation.

This section describes how to turn off the browsability feature for a single client, all clients, and a selected file system.

How to Completely Disable Autofs Browsability on a Single NFS Client

  1. Become an administrator on the NFS client.

    For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.

  2. Change the autofs SMF configuration parameter.
    # sharectl set -p nobrowse=TRUE autofs
  3. Restart the autofs service.
    # svcadm restart system/filesystem/autofs

How to Disable Autofs Browsability for All Clients

To disable browsability for all clients, you must employ a name service such as NIS. Otherwise, you need to manually edit the automounter maps on each client. In this example, the browsability of the /home directory is disabled. You must follow this procedure for each indirect autofs node that needs to be disabled.

  1. Add the –nobrowse option to the /home entry in the name service auto_master file.
    /home     auto_home     -nobrowse
  2. Run the automount command on all clients to make the new behaviour effective.

    The new behavior also becomes effective after a reboot.

    # /usr/sbin/automount

How to Disable Autofs Browsability on a Selected File System

In this example, browsability of the /net directory is disabled. You can use the same procedure for /home or any other autofs mount points.

  1. Verify the search order for the automount naming services.

    The config/automount property in the name-service/switch service shows the search order for the automount information.

    # svcprop -p config svc:/system/name-service/switch
    config/value_authorization astring solaris.smf.value.name-service.switch
    config/printer astring user\ files
    config/default astring files\ nis
    config/automount astring files\ nis

    The last entry shows that local automount files are searched first and then the NIS service is checked. The config/default entry specifies the search order for all naming information not specifically listed. If you are using the LDAP naming service, the config/automount property in the name-service/switch service shows ldap in the search order for the automount information.

    # svcprop -p config svc:/system/name-service/switch
    config/value_authorization astring solaris.smf.value.name-service.switch
    config/printer astring user\ files\ ldap
    config/default astring files\ ldap
    config/automount astring files\ ldap
  2. Check the position of the +auto_master entry in /etc/auto_master.

    For additions to the local files to have precedence over the entries in the namespace, the +auto_master entry must be moved to follow /net.

    # Master map for automounter
    #
    /net    -hosts     -nosuid
    /home   auto_home
    +auto_master

    A standard configuration places the +auto_master entry at the top of the file, which prevents any local changes from being used.

  3. Add the –nobrowse option to the /net entry in the /etc/auto_master file.
    /net     -hosts     -nosuid,nobrowse
  4. On all clients, run the automount command.

    The new behavior becomes effective after running the automount command on the client systems or after a reboot.

    # /usr/sbin/automount