Network Storage Protocols Discussions
Which recommended export-policy rules shall I provide for a root volume on a CDOT-Vserver, to give on one hand other volumes arbitrary export-policys and on the other hand prevent unwanted access via the /-path?
See The Solution
we use this to prevent writing to the root volume but allow reading and traversing it to the junction:
Policy Name: defaultRule Index: 1Access Protocol: nfs3Client Match Hostname, IP Address, Netgroup, or Domain: <your whole network>RO Access Rule: noneRW Access Rule: neverSuperuser Security Types: noneHonor SetUID Bits in SETATTR: trueAllow Creation of Devices: true
View solution in original post