Solved: export-policy rule for root volume

StefanN · ‎2016-04-12

Which recommended export-policy rules shall I provide for a root volume on a CDOT-Vserver, to give on one hand other volumes arbitrary export-policys and on the other hand prevent unwanted access via the /-path?

marcusgross · ‎2016-04-13

Hi,

we use this to prevent writing to the root volume but allow reading and traversing it to the junction:

Policy Name: default
Rule Index: 1
Access Protocol: nfs3
Client Match Hostname, IP Address, Netgroup, or Domain: <your whole network>
RO Access Rule: none
RW Access Rule: never
Superuser Security Types: none
Honor SetUID Bits in SETATTR: true
Allow Creation of Devices: true

Marcus

View solution in original post

marcusgross · ‎2016-04-13

Hi,

we use this to prevent writing to the root volume but allow reading and traversing it to the junction:

Policy Name: default
Rule Index: 1
Access Protocol: nfs3
Client Match Hostname, IP Address, Netgroup, or Domain: <your whole network>
RO Access Rule: none
RW Access Rule: never
Superuser Security Types: none
Honor SetUID Bits in SETATTR: true
Allow Creation of Devices: true

Marcus

export-policy rule for root volume

Export-policy for CIFS/SMB not working according to the export-policy rules

Create suid export-policy rule

ONTAP RESTAPI Export Policy patch

Export Policy ONTAP

The export policy 'default' that is inherited from the parent volume does not contain any rules.