topic Re: Restricting NFS-Access to specific volumes in ONTAP Discussions

Restricting NFS-Access to specific volumes

bloehlein — Thu, 05 Jun 2025 06:10:18 GMT

Hi,

I'm trying to restrict the nfs access to volumes mounted in 1st or 2nd level of the namespace, but the linux client let's me mount all volumes and the client also sees all files.

I'm using clustered ONTAP 8.1.2P1 and defined two export policies, one called no-nfs allowing no access at all and the other one called nfs giving access to the volumes...

st228::*> volume show -fields volume,unix-permissions,junction-path,policy

vserver volume policy unix-permissions junction-path

--------- ------ ------ ---------------- -------------

test_bl_2 level1 no-nfs ---rwxrwxrwx /level1

test_bl_2 level2 nfs ---rwxrwxrwx /level1/level2

test_bl_2 vsroot no-nfs ---rwxrwxrwx /

3 entries were displayed.

st228::*> export-policy rule show -policyname no-nfs -fields vserver,policyname,ruleindex,protocol,clientmatch,rorule,rwrule,superuser,anon

(vserver export-policy rule show)

vserver policyname ruleindex protocol clientmatch rorule rwrule anon superuser

--------- ---------- --------- -------- ----------- ------ ------ ----- ---------

test_bl_2 no-nfs 1 nfs 0.0.0.0/0 none none 65534 none

st228::*> export-policy rule show -policyname nfs -fields vserver,policyname,ruleindex,protocol,clientmatch,rorule,rwrule,superuser,anon

(vserver export-policy rule show)

vserver policyname ruleindex protocol clientmatch rorule rwrule anon superuser

--------- ---------- --------- -------- ----------- ------ ------ ----- ---------

test_bl_2 nfs 1 nfs 0.0.0.0/0 any any 65534 none

Is there anything else I have to do?

Best regards,

Bernd

Re: Restricting NFS-Access to specific volumes

bloehlein — Thu, 14 Feb 2013 14:29:57 GMT

Hi Irapua,

we're talking about clustered ONTAP, so sadly no qtree-level exports this time, just at the volume level.

Best regards,

Bernd

Re: Restricting NFS-Access to specific volumes

mrinal — Thu, 14 Feb 2013 20:49:34 GMT

Hi Bernd,

Have a look at this KB, https://kb.netapp.com/support/index?page=content&id=1013380&actp=LIST. It has a good explanation along with examples of how you can achieve your objective.

Hope this helps.

Re: Restricting NFS-Access to specific volumes

bloehlein — Fri, 15 Feb 2013 07:44:23 GMT

Hi Mrinal,

changing the unix-permissions of the root-volume to 771 did the trick...

st228::> volume show -fields volume,unix-permissions,junction-path,policy

vserver volume policy unix-permissions junction-path

--------- ------ ------ ---------------- -------------

test_bl_2 level1 no-nfs ---rwxrwxrwx /level1

test_bl_2 level2 nfs ---rwxrwxrwx /level1/level2

test_bl_2 vsroot no-nfs ---rwxrwx--x /

3 entries were displayed.

st228::>

Best regards,

Bernd