Subscribe

what rule options I should use to allow client root has root privilege?

[ Edited ]

when I run mount vs2:/.admin /mnt/vs2rw as root, and then touch a file, I got permission denied  error.

 

the following is the rule instance, what should I modify?


                                    Vserver: vs1

                                Policy Name: policy_test

 

 

                                 Rule Index: 1
                            Access Protocol: nfs
Client Match Hostname, IP Address, Netgroup, or Domain: x.x.x.x

                             RO Access Rule: any
                             RW Access Rule: any
User ID To Which Anonymous Users Are Mapped: 65534
                   Superuser Security Types: sys
               Honor SetUID Bits in SETATTR: true
                  Allow Creation of Devices: true

Re: what rule options I should use to allow client root has root privilege?

give "-anon" parameters value as '0' ( only for the rule with client match x.x.x.x which is the client that you want to enable root access)

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
Cannot find the answer you need? No need to open a support case - just CHAT and we’ll handle it for you.

Re: what rule options I should use to allow client root has root privilege?


give "-anon" parameters value as '0'

Be aware this can seriously break access to exported filesystem. I hit this when setting up Simpana (SnapProtect) Oracle/SAP agent that must be run under specific group. Using anon=0 will change user ID but leave group ID that for anonymous user.

 

Using root=XXX (or -superuser in case of cDOT) fixed it.