Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I've setup export policy like in printout on the bottom.
When I mount on a client all root created files are owned by nobody user and group.
Can this be changed to be listed as "root" owned? If I choose nfsv3 then this works as I want.
Regards
ClusterT::vserver security file-directory> vserver export-policy rule show -vserver SVM_xxxx -policyname Vol_xxxx -instance Vserver: SVM_xxxx Policy Name: Vol_xxxx Rule Index: 4 Access Protocol: nfs4 List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 10.xx.yy.zz RO Access Rule: sys RW Access Rule: sys User ID To Which Anonymous Users Are Mapped: 65534 Superuser Security Types: any Honor SetUID Bits in SETATTR: true Allow Creation of Devices: true
2 REPLIES 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The reason for this is because NFSv4 clients send symbolic user/group names rather than numeric userid/groupid as it was in NFSv2 and NFSv3 and the filer needs some way to map this symbolic names to numeric IDs. If the information in /etc/passwd and /etc/group information between the filer and the Linux host does not match, the filer will use nobody:nobody for the user/group file ownership.
Please refer to this kb:
https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Network_File_System_v4_mounts_show_file_owners_as_root_or_nobody_or_nf...
Another KB: (In your print out this is already set to 'any', so this may be ruled out)
When the root user instigates the touch command to create a file, the file owner, group is set to nfsnobody (Superuser Security Type is preset to 'any'):
https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/File_permissions_for_owner%2C_group_reflect_as_nfsnobody_for_ONTAP_9
Cause:
The export policy rule applied to the volume has the superuser set to 'none', which squashes the root user to anonymous user.The anonymous user by default is set to uid 65534, therefore, the files created are owned by uid 65534. UID 65534 is interpreted by some Linux clients such as RedHat as 'nfsnobody'.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Mount using NFSv3
NFSv4.x uses symbolic user/group names rather than numeric userid/groupid as NFSv3 does.
NFSv4.x clients show group permission “nobody” NFSv3 shows correctly - NetApp Knowledge Base
