Subscribe

Root Volume Export Policy Rule and Mounting Volumes, QTrees, Folders Directly

Two questions:

 

1. We would like to have the root volume have the default export-policy rule of no access, but define indepedent rules on non-root volumes. Is this possible? Here is the output of finding out the policy on vol00 if the default policy has no rules vs. has a read rule:

 

No Rules:

 

check-access -vserver svm1 -volume vol00 -client-ip 192.168.20.50 -authentication-method sys -protocol nfs3 -access-type read-write
(vserver export-policy check-access)
Policy Policy Rule
Path Policy Owner Owner Type Index Access
----------------------------- ---------- --------- ---------- ------ ----------
/ default svm1_root volume 1 denied

 

 

Read Rule:

 

check-access -vserver svm1 -volume vol00 -client-ip 192.168.20.50 -authentication-method sys -protocol nfs3 -access-type read-write
(vserver export-policy check-access)
Policy Policy Rule
Path Policy Owner Owner Type Index Access
----------------------------- ---------- --------- ---------- ------ ----------
/ default svm1_root volume 1 read
/vol00 all_access vol00 volume 1 read-write

 

 

2. We would like to be able to mount the /vol00 directly. But when we do a showmount command, this is all we see:

 

Export list for 192.168.21.74:
/ (everyone)

 

I don't understand how to set /vol00 to show up and be mountable.

Re: Root Volume Export Policy Rule and Mounting Volumes, QTrees, Folders Directly

1. That's not possible. Patent cannot be more restrictive than child (it can, but then child is simply not accessible).

2. That's normal. You still can mount each volume and qtree individually as long as volume has junction point (I.e. is mounted in a namespace).

Re: Root Volume Export Policy Rule and Mounting Volumes, QTrees, Folders Directly

Thank you for the response.   I have an access policy with client specification 0.0.0.0/0, all access protocols enabled, and access details are r/w across the board and superuser access is enabled. Basically, the most wide open I can think to do it. But when I try to mount a volume, I get access denied:

 

sudo mount 192.168.21.74:/vol00 /mnt/na
mount.nfs: access denied by server while mounting 192.168.21.74:/vol00

 

Also, is there any way to have any explicit exports show up in a showmount -e command?  

Re: Root Volume Export Policy Rule and Mounting Volumes, QTrees, Folders Directly

Policy is per-volume. vol00 should be assigned export policy that allows client access. In 8.3 you can enable listing exported volumes with showmount -e; setting is per SVM.