Subscribe
Accepted Solution

Qtree-level exports in CDOT

Anyone able to explain to me how to make them work? 

I've tied an export-policy to a qtree w/ a rule allowing a host NFS protocol access - any any any.  Getting access denied from the client host when attempting to mount.  Tried w/ hostname, FQDN hostname and IP address. 

All result in 'access denied by server while mounting'.  Adding access at the volume level works though.  Maybe I'm missing a step.

Unix Permissions: -s-rwxrwxr-x

Re: Qtree-level exports in CDOT

Allow me to ask a further question that may be easier for someone to answer now that I think I might get it myself.

It looks as though qtree-level exports merely allow you to make access unique to the underlying qtrees within a volume, but access still needs to be allowed at the volume level for all rules defined at the qtree-level.

So access to underlying qtrees can be more restrictive than access at the volume level.  But in the case where you want to give more access at the qtree-level than you do the volume-level...it's not possible due to the way junction paths function requiring the hierarchical access.  Is this correct?

Re: Qtree-level exports in CDOT

Yes, this is correct. This is also documented this way. You cannot export nested mounts with less restrictive permissions than parent mounts.