ONTAP Discussions

Export policy assigned to / junction path

TimJMcCuen

I want to make sure I am setting up my junction path correctly.    I have two volumes under my SVM.  Both clients / servers have the same exact permissions so therefore I create a single export policy which includes both server IPs.     On the junction path I applied this export policy to both the the volumes I created.    My question is I believe I should change Path "/" export policy  from the default to the same one that is applied to the two volumes?    Is this correct or should the path "/" export policy be left at default?   Thank you.

1 ACCEPTED SOLUTION

TMAC_CTG

Two thoughts on this

 1. allow the default police to be wide open but read only. Put a rule in that says: ro=any (or sys), rw=none, superuser =none with a client match of 0.0.0.0/0. The thought is to allow everyone to read and when a new volume is created and a policy not immediately applied would at least be read only

 2. More secure: apply your secured policy to the root svm volume

 

 a client must go through the root and if it does not have access to / it will not have access to any junction paths in the namespace

View solution in original post

2 REPLIES 2

TimJMcCuen

Makes sense.  Thank you very much

 

TMAC_CTG

Two thoughts on this

 1. allow the default police to be wide open but read only. Put a rule in that says: ro=any (or sys), rw=none, superuser =none with a client match of 0.0.0.0/0. The thought is to allow everyone to read and when a new volume is created and a policy not immediately applied would at least be read only

 2. More secure: apply your secured policy to the root svm volume

 

 a client must go through the root and if it does not have access to / it will not have access to any junction paths in the namespace

View solution in original post

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public