Subscribe
Accepted Solution

export-policy rule for root volume

Which recommended export-policy rules shall I provide for a root volume on a CDOT-Vserver, to give on one hand other volumes arbitrary export-policys and on the other hand prevent unwanted access via the /-path?

Re: export-policy rule for root volume

Hi,

 

we use this to prevent writing to the root volume but allow reading and traversing it to the junction:

 

Policy Name: default
Rule Index: 1
Access Protocol: nfs3
Client Match Hostname, IP Address, Netgroup, or Domain: <your whole network>
RO Access Rule: none
RW Access Rule: never
Superuser Security Types: none
Honor SetUID Bits in SETATTR: true
Allow Creation of Devices: true

 

Marcus