Solved: Re: Export policy assigned to / junction path

TimJMcCuen · ‎2021-11-10

I want to make sure I am setting up my junction path correctly. I have two volumes under my SVM. Both clients / servers have the same exact permissions so therefore I create a single export policy which includes both server IPs. On the junction path I applied this export policy to both the the volumes I created. My question is I believe I should change Path "/" export policy from the default to the same one that is applied to the two volumes? Is this correct or should the path "/" export policy be left at default? Thank you.

TMACMD · ‎2021-11-10

Two thoughts on this

1. allow the default police to be wide open but read only. Put a rule in that says: ro=any (or sys), rw=none, superuser =none with a client match of 0.0.0.0/0. The thought is to allow everyone to read and when a new volume is created and a policy not immediately applied would at least be read only

2. More secure: apply your secured policy to the root svm volume

a client must go through the root and if it does not have access to / it will not have access to any junction paths in the namespace

View solution in original post

TMACMD · ‎2021-11-10

Two thoughts on this

1. allow the default police to be wide open but read only. Put a rule in that says: ro=any (or sys), rw=none, superuser =none with a client match of 0.0.0.0/0. The thought is to allow everyone to read and when a new volume is created and a policy not immediately applied would at least be read only

2. More secure: apply your secured policy to the root svm volume

a client must go through the root and if it does not have access to / it will not have access to any junction paths in the namespace

TimJMcCuen · ‎2021-11-10

Makes sense. Thank you very much