ONTAP Discussions
Hi,
I'm trying to restrict the NFS access to volumes mounted in 1st or 2nd level of the namespace, but the Linux client lets me mount all volumes and the client also sees all files.
I'm using clustered ONTAP 8.1.2P1 and defined two export policies, one called no-nfs allowing no access at all and the other one called nfs giving access to the volumes...
st228::*> volume show -fields volume,unix-permissions,junction-path,policy
vserver   volume policy unix-permissions junction-path
--------- ------ ------ ---------------- -------------
test_bl_2 level1 no-nfs ---rwxrwxrwx     /level1
test_bl_2 level2 nfs    ---rwxrwxrwx     /level1/level2
test_bl_2 vsroot no-nfs ---rwxrwxrwx     /
3 entries were displayed.
st228::*> export-policy rule show -policyname no-nfs -fields vserver,policyname,ruleindex,protocol,clientmatch,rorule,rwrule,superuser,anon
(vserver export-policy rule show)
vserver   policyname ruleindex protocol clientmatch rorule rwrule anon  superuser
--------- ---------- --------- -------- ----------- ------ ------ ----- ---------
test_bl_2 no-nfs     1         nfs      0.0.0.0/0   none   none   65534 none
st228::*> export-policy rule show -policyname nfs -fields vserver,policyname,ruleindex,protocol,clientmatch,rorule,rwrule,superuser,anon
(vserver export-policy rule show)
vserver   policyname ruleindex protocol clientmatch rorule rwrule anon  superuser
--------- ---------- --------- -------- ----------- ------ ------ ----- ---------
test_bl_2 nfs        1         nfs      0.0.0.0/0   any    any    65534 none
Is there anything else I have to do?
Best regards,
Bernd
Hi Irapua,
we're talking about clustered ONTAP, so sadly no qtree-level exports this time, just at the volume level.
Best regards,
Bernd
Hi Bernd,
Have a look at this KB, https://kb.netapp.com/support/index?page=content&id=1013380&actp=LIST. It has a good explanation along with examples of how you can achieve your objective.
Hope this helps.
Hi Mrinal,
changing the unix-permissions of the root-volume to 771 did the trick...
st228::> volume show -fields volume,unix-permissions,junction-path,policy
vserver   volume policy unix-permissions junction-path
--------- ------ ------ ---------------- -------------
test_bl_2 level1 no-nfs ---rwxrwxrwx     /level1
test_bl_2 level2 nfs    ---rwxrwxrwx     /level1/level2
test_bl_2 vsroot no-nfs ---rwxrwx--x     /
3 entries were displayed.
st228::>
Best regards,
Bernd