https://community.netapp.com/t5/ONTAP-Discussions/what-rule-options-I-should-use-to-allow-client-root-has-root-privilege/m-p/100018#M20328 <P>when I run mount vs2:/.admin /mnt/vs2rw as root, and then touch a file, I got permission denied&nbsp; error.</P><P>&nbsp;</P><P>the following is the rule instance, what&nbsp;should I modify?</P><P><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Vserver:&nbsp;vs1</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Policy Name:&nbsp;policy_test</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Rule Index: 1<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Access Protocol: nfs<BR />Client Match Hostname, IP Address, Netgroup, or Domain:&nbsp;x.x.x.x</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; RO Access Rule: any<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; RW Access Rule: any<BR />User ID To Which Anonymous Users Are Mapped: 65534<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Superuser Security Types: sys<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Honor SetUID Bits in SETATTR: true<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Allow Creation of Devices: true</P> Thu, 05 Jun 2025 05:11:26 GMT netappmagic 2025-06-05T05:11:26Z https://community.netapp.com/t5/ONTAP-Discussions/what-rule-options-I-should-use-to-allow-client-root-has-root-privilege/m-p/100018#M20328 <P>when I run mount vs2:/.admin /mnt/vs2rw as root, and then touch a file, I got permission denied&nbsp; error.</P><P>&nbsp;</P><P>the following is the rule instance, what&nbsp;should I modify?</P><P><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Vserver:&nbsp;vs1</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Policy Name:&nbsp;policy_test</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Rule Index: 1<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Access Protocol: nfs<BR />Client Match Hostname, IP Address, Netgroup, or Domain:&nbsp;x.x.x.x</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; RO Access Rule: any<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; RW Access Rule: any<BR />User ID To Which Anonymous Users Are Mapped: 65534<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Superuser Security Types: sys<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Honor SetUID Bits in SETATTR: true<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Allow Creation of Devices: true</P> Thu, 05 Jun 2025 05:11:26 GMT https://community.netapp.com/t5/ONTAP-Discussions/what-rule-options-I-should-use-to-allow-client-root-has-root-privilege/m-p/100018#M20328 netappmagic 2025-06-05T05:11:26Z https://community.netapp.com/t5/ONTAP-Discussions/what-rule-options-I-should-use-to-allow-client-root-has-root-privilege/m-p/102468#M20791 <P>give "-anon" parameters value as '0' ( only for the rule with client match x.x.x.x which is the client that you want to enable root access)</P> Mon, 30 Mar 2015 10:20:04 GMT https://community.netapp.com/t5/ONTAP-Discussions/what-rule-options-I-should-use-to-allow-client-root-has-root-privilege/m-p/102468#M20791 georgevj 2015-03-30T10:20:04Z https://community.netapp.com/t5/ONTAP-Discussions/what-rule-options-I-should-use-to-allow-client-root-has-root-privilege/m-p/102469#M20792 <BLOCKQUOTE><HR />give "-anon" parameters value as '0'<HR /></BLOCKQUOTE><P>Be aware this can seriously break access to exported filesystem. I hit this when setting up Simpana (SnapProtect) Oracle/SAP agent that must be run under specific group. Using anon=0 will change <STRONG>user</STRONG> ID but leave <STRONG>group</STRONG> ID that for anonymous user.</P><P>&nbsp;</P><P>Using root=XXX (or -superuser in case of cDOT) fixed it.</P> Mon, 30 Mar 2015 10:30:37 GMT https://community.netapp.com/t5/ONTAP-Discussions/what-rule-options-I-should-use-to-allow-client-root-has-root-privilege/m-p/102469#M20792 aborzenkov 2015-03-30T10:30:37Z