Understanding NFS4 (Linux server)

Posted by drumfire on Server Fault
Published on 2012-05-15T10:20:38Z

I've been a bit bothered by NFS4 on Linux. Some information 'out there' seems to conflict with other information, and other information appears hard to find. So here are a couple of things that caught my attention; hopefully someone out there can shed some light on this.

This question focuses exclusively on NFS4 without Kerberos etc.

1. Exports

There is ambiguous information in the exports manpage on the structure of /etc/exports.

To quote from exports(5):

Also, each line may have one or more specifications for default options after the path name, in the form of a dash ("-") followed by an option list.

The option list is used for all subsequent exports on that line only.

What does "subsequent exports on that line only" mean?

1.2 fsid=0 not required anymore?

I was searching for fsid when I found a comment on the linux-nfs list stating fsid=0 is not required anymore. Now I'm just confused: do I need it with nfs4 or not?!

2. Non-exported directory still mountable

Say I have the following tree:

/exp
/exp/users
/exp/distr
/exp/distr/archlinux
/exp/distr/debian

And I have the following entries in fstab:

/dev/disk/by-label/users  /mnt/users  ext4  defaults  0  0
/dev/disk/by-label/distr  /mnt/distr  ext4  defaults  0  0
/mnt/users                /exp/users  none  bind      0  0
/mnt/distr                /exp/distr  none  bind      0  0

And my exports is exactly this:

/exp       192.168.1.0/24(fsid=0,rw,async,no_subtree_check,no_root_squash)
/exp/distr 192.168.1.0/24(rw,async,no_subtree_check,no_root_squash)

And exportfs -arv shows:

exporting 192.168.1.0/24:/exp/distr
exporting 192.168.1.0/24:/exp

Then why am I able to do this and get no error on a client:

mount -t nfs4 server:/exp/users /tmp/test

Even though /exp/users is not exported? I didn't export this directory, and while I don't see the contents of /dev/disk/by-label/users unless I specify crossmnt, I am still able to write to the directory. Everything I write to there goes to the underlying directory of /exp/users, which can be seen when I umount /exp/users; ls /exp/users.

3. The odd case of showmount -d server

As stated by rpc.mountd(8), this command should display directories that are either currently mounted by clients, or stale entries in /var/lib/nfs/rmtab, as can be read:

The rpc.mountd daemon registers every successful MNT request by adding an entry to the /var/lib/nfs/rmtab file. When receiving a UMNT request from an NFS client, rpc.mountd simply removes the matching entry from /var/lib/nfs/rmtab, as long as the access control list for that export allows that sender to access the export.

(...)

Note, however, that there is little to guarantee that the contents of /var/lib/nfs/rmtab are accurate. A client may continue accessing an export even after invoking UMNT. If the client reboots without sending a UMNT request, stale entries remain for that client in /var/lib/nfs/rmtab.

After reading this I surely wonder:

  1. Isn't it terribly insecure to just expose this type of client information;
  2. Aren't unaware server admins bound to have an rmtab with a lot of stale clients;
  3. Is this the reason that clients that mount nfs4 directories with mount -v get to see output like "nothing was mounted" even though something was mounted?

I have a lot of other questions regarding nfs4, but I'll keep it at this for the moment.. :)

© Server Fault or respective owner
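Added example, not part of the original post: a path-containment audit over the two exports lines from section 2, showing which export entry's tree contains a given server-side directory for a given client. It assumes an export covers every directory beneath its path on the same filesystem, handles only the `path net/len(options)` form used in the question, and is not a model of how the kernel resolves an NFSv4 mount; the function names and the client address 192.168.1.20 are constructed for illustration.

```python
import ipaddress
import posixpath

# The two /etc/exports lines from the question, copied verbatim.
EXPORTS = """\
/exp       192.168.1.0/24(fsid=0,rw,async,no_subtree_check,no_root_squash)
/exp/distr 192.168.1.0/24(rw,async,no_subtree_check,no_root_squash)
"""

def parse_exports(text):
    """Return (path, network, options) tuples.

    Assumption: only the 'path net/len(opt,opt)' form is handled, with no
    '-' default option lists, hostnames, wildcards or netgroups.
    """
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients:
            net, _, opts = spec.partition("(")
            options = [o for o in opts.rstrip(")").split(",") if o]
            entries.append((posixpath.normpath(path),
                            ipaddress.ip_network(net), options))
    return entries

def covering_export(entries, client_ip, directory):
    """Most specific export whose tree contains `directory` for this client."""
    addr = ipaddress.ip_address(client_ip)
    directory = posixpath.normpath(directory)
    best = None
    for path, net, options in entries:
        if addr not in net:
            continue
        # Compare whole path components so /expansion does not match /exp.
        inside = directory == path or directory.startswith(path.rstrip("/") + "/")
        if inside and (best is None or len(path) > len(best[0])):
            best = (path, options)
    return best

if __name__ == "__main__":
    entries = parse_exports(EXPORTS)
    for d in ("/exp/users", "/exp/distr/debian", "/mnt/users"):
        print(d, "->", covering_export(entries, "192.168.1.20", d))
```

Running the same check over every mount point listed in fstab gives a quick list of bind-mount targets that sit inside a parent export without an entry of their own.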