Subscribe
Accepted Solution

When adding an export, it automatically adds "RW" wide open, when it hasn't been selected or typed in.

Does anyone have any idea why I am forced to restrict RW access to an export? When an export is created, and only ROOT is selected, RW will still show up. I think this has been happening since 7.0. When we upgraded a while ago, RW was just added to all of our exports, leaving them all wide open. It's pretty difficult to lock it down after that happens...unfortunately. I have not been able to find a way to stop this behavior. I had opened a case when this initially happened, and we were just told to restrict it so teh mount wasn't left wide open.

Any help would be greatly appreciated.

Thank you,

Andrea

Re: When adding an export, it automatically adds "RW" wide open, when it hasn't been selected or typed in.

Andrea I understand your dilemma - Hopefully this can shed some light on the situation,

From what I'm able to find, what you are experiencing is indeed the real truth of the situation.

The following taken from Access Restrictions for Exported Resources:

When you export a resource, you can specify the access restrictions that govern how the resource can be mounted. If you export a resource without specifying access restrictions, it can be mounted read-write by all hosts.

Though seen another way it is referenced as "By default, if neither the ro or rw permissions are specified, read-write is the default permission"

In my lab, I went through a number of scenarios, choosing to use Filerview as well as the command-line in that age-old "Prove the documentation wrong" and it proved continually to be correct!

A workaround I would employ would involve specifying my rw and root hosts.

Also, I would advise referencing kb23365 for additional information especially in the root/rw context.

Hopefully this helps your situation Andrea,

Christopher Kusek

Re: When adding an export, it automatically adds "RW" wide open, when it hasn't been selected or typed in.

Thank you very much, that's exactly what I was looking for.