ONTAP Discussions

Qtree-level exports in CDOT

bsnyder27
5,252 Views

Anyone able to explain to me how to make them work? 

I've tied an export-policy to a qtree w/ a rule allowing a host NFS protocol access - any any any.  Getting access denied from the client host when attempting to mount.  Tried w/ hostname, FQDN hostname and IP address. 

All result in 'access denied by server while mounting'.  Adding access at the volume level works though.  Maybe I'm missing a step.

Unix Permissions: -s-rwxrwxr-x

1 ACCEPTED SOLUTION

aborzenkov
5,168 Views

Yes, this is correct. This is also documented this way. You cannot export nested mounts with less restrictive permissions than parent mounts.

View solution in original post

2 REPLIES 2

bsnyder27
5,168 Views

Allow me to ask a further question that may be easier for someone to answer now that I think I might get it myself.

It looks as though qtree-level exports merely allow you to make access unique to the underlying qtrees within a volume, but access still needs to be allowed at the volume level for all rules defined at the qtree-level.

So access to underlying qtrees can be more restrictive than access at the volume level.  But in the case where you want to give more access at the qtree-level than you do the volume-level...it's not possible due to the way junction paths function requiring the hierarchical access.  Is this correct?

aborzenkov
5,169 Views

Yes, this is correct. This is also documented this way. You cannot export nested mounts with less restrictive permissions than parent mounts.

Public