Hello,
C-DOT 8.3.2
We would like to mask the qtree list for the different users for an NFSv3 export.
Currently we have some volumes with qtrees for different customers.
Each qtree has an access policy with the customer's IP address.
With this configuration, server1 can see all volumes and qtrees:
# ls /mnt/
volTEST01
# ls /mnt/volTEST01
server01 server02
qtree list
- /volTEST01/server01
- /volTEST01/server02
Customer server: server01
IP : 192.168.1.2
/ export-policy : default
/volTEST export-policy : default
/volTEST/server01 export-policy : server01-policy
> export-policy rule show -vserver svmTEST -policyname default -instance
Vserver: svmTEST
Policy Name: default
Rule Index: 1
Access Protocol: nfs
Client Match Hostname, IP Address, Netgroup, or Domain: 0.0.0.0/0
RO Access Rule: sys
RW Access Rule: never
User ID To Which Anonymous Users Are Mapped: 65534
Superuser Security Types: none
Honor SetUID Bits in SETATTR: true
Allow Creation of Devices: true
> export-policy rule show -vserver svmTEST -policyname server01-policy -instance
Vserver:svmTEST
Policy Name:server01
Rule Index: 1
Access Protocol: nfs
Client Match Hostname, IP Address, Netgroup, or Domain: 192.168.1.2
RO Access Rule: any
RW Access Rule: any
User ID To Which Anonymous Users Are Mapped: 65534
Superuser Security Types: any
Honor SetUID Bits in SETATTR: true
Allow Creation of Devices: true
> vol show -vserver svmTEST -volume svmTEST_root -instance
Export Policy: default
User ID: 0
Group ID: 0
Security Style: unix
UNIX Permissions: ---rwxr-xr-x
Junction Path: /
Junction Path Source: -
> vol show -vserver svmTEST -volume volTEST -instance
Export Policy: default
User ID: 0
Group ID: 0
Security Style: unix
UNIX Permissions: ---rwxr-xr-x
Junction Path: /volTEST
Junction Path Source: RW_volume
Junction Active: true
Junction Parent Volume: svmTEST_root
With this configuration:
We change the UNIX permissions on the SVM root and on the volume:
We remove read access for other on the root and the volume.
> vol show -vserver svmTEST -volume svmTEST_root -instance
UNIX Permissions: ---rwxr-x--x
> vol show -vserver svmTEST -volume volTEST -instance
UNIX Permissions: ---rwxr-x--x
# ls /mnt/
ls: cannot open directory /mnt/: Permission denied
# ls /mnt/volTEST/
ls: cannot open directory /mnt/volTEST/: Permission denied
Is this the right way?
Is there another way to hide the list of shares?
Regards,
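
Added example, not part of the original post: a small model of the POSIX mode-bit check that explains the `ls` results above, comparing `rwxr-xr-x` with `rwxr-x--x` on the SVM root and the volume. It assumes the client is evaluated as "other" (uid 65534, the anonymous mapping shown in the default policy) and that the qtree itself is mode 0755, which is a constructed value.

```python
import stat

ANON_UID = 65534  # "User ID To Which Anonymous Users Are Mapped" in the post

def effective_bits(mode, owner_uid, owner_gid, uid, gids):
    """Pick the owner, group or other rwx triplet (0-7) for this caller."""
    perms = stat.S_IMODE(mode)
    if uid == owner_uid:
        return (perms >> 6) & 7
    if owner_gid in gids:
        return (perms >> 3) & 7
    return perms & 7

def evaluate(path, uid, gids):
    """path: list of (name, mode, owner_uid, owner_gid), mount root first.

    Returns {name: {"reachable", "list", "enter"}}. A directory is reachable
    only if every ancestor grants search (x); listing it needs read (r).
    """
    result, reachable = {}, True
    for name, mode, o_uid, o_gid in path:
        bits = effective_bits(mode, o_uid, o_gid, uid, gids)
        result[name] = {
            "reachable": reachable,
            "list": reachable and bool(bits & 4),
            "enter": reachable and bool(bits & 1),
        }
        reachable = result[name]["enter"]
    return result

def tree(root_and_volume_mode):
    # Owner 0:0 comes from the post; the qtree mode 0o755 is constructed.
    return [
        ("/", root_and_volume_mode, 0, 0),
        ("/volTEST", root_and_volume_mode, 0, 0),
        ("/volTEST/server01", 0o755, 0, 0),
    ]

if __name__ == "__main__":
    for label, mode in (("before", 0o755), ("after", 0o751)):
        print(label, oct(mode))
        for name, r in evaluate(tree(mode), ANON_UID, {ANON_UID}).items():
            print(f"  {name:20} {r}")
```

With only search (x) left for "other", the names are no longer listed but a client that already knows a qtree name can still walk to it, so the per-qtree export policy remains the control that decides who can use it.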