Re: NFS vmware data store permissions

stanleyj42 · ‎2013-06-20

I am assigning an NFS datastore to our ESXI environment using system manager 2.2 and having trouble figuring out he proper way of doing the permissions. I would like to restrict access to only my two host and I'm trying to make sure to following the correct procedures because Im don't fully understanding the client permissions verses the root permissions when it comes to VMware.

Default settings in system manager:

Security: UNIX

Client Permissions: All Host read/write allow:yes

Anonymous access: Grant access to root users on all clients to the shared directory.

The options I am currently using:

Security: Unix

Client permissions:

- xxx.xxx.xxx.xxx read/write allow:yes

Anonymous access: Grant root access to all hosts

is this the proper way to apply the security to an nfs datastore in VMware? Do I need a deny statement for all host under client permissions and even though "grant root access to all hosts" works is that the proper option considering I know VMware must have root access.

skiser · ‎2013-06-21

I have two entries for each host in the Client Permissions section of the Export in System Manager 2.2. One is for Allow Read Write, the other is Allow Root Access. Under the Anonymous Access section, the "Grant access to root users on all clients to the shared directory" option is selected. Also, the "Enable setuid and setgid executables" option is checked.

stanleyj42 · ‎2013-07-01

Thanks for the info. That was the answer I was looking for.

What does the SetUid and Setgid option actually do though?

skiser · ‎2013-07-01

Have a look at this article. http://www.techrepublic.com/blog/security/understand-the-setuid-and-setgid-permissions-to-improve-security/2857

BEEFY1471 · ‎2014-07-03

Please ignore this post I am being stupid!