ONTAP Discussions

Restricting NFS-Access to specific volumes

bloehlein
10,462 Views

Hi,

I'm trying to restrict the NFS access to volumes mounted in the 1st or 2nd level of the namespace, but the Linux client lets me mount all volumes and the client also sees all files.

I'm using clustered ONTAP 8.1.2P1 and defined two export policies, one called no-nfs allowing no access at all and the other one called nfs giving access to the volumes...

st228::*> volume show -fields volume,unix-permissions,junction-path,policy
vserver   volume policy unix-permissions junction-path
--------- ------ ------ ---------------- -------------
test_bl_2 level1 no-nfs ---rwxrwxrwx     /level1
test_bl_2 level2 nfs    ---rwxrwxrwx     /level1/level2
test_bl_2 vsroot no-nfs ---rwxrwxrwx     /
3 entries were displayed.

st228::*> export-policy rule show -policyname no-nfs -fields vserver,policyname,ruleindex,protocol,clientmatch,rorule,rwrule,superuser,anon
  (vserver export-policy rule show)
vserver   policyname ruleindex protocol clientmatch rorule rwrule anon  superuser
--------- ---------- --------- -------- ----------- ------ ------ ----- ---------
test_bl_2 no-nfs     1         nfs      0.0.0.0/0   none   none   65534 none

st228::*> export-policy rule show -policyname nfs -fields vserver,policyname,ruleindex,protocol,clientmatch,rorule,rwrule,superuser,anon
  (vserver export-policy rule show)
vserver   policyname ruleindex protocol clientmatch rorule rwrule anon  superuser
--------- ---------- --------- -------- ----------- ------ ------ ----- ---------
test_bl_2 nfs        1         nfs      0.0.0.0/0   any    any    65534 none

Is there anything else I have to do?

Best regards,

Bernd

3 REPLIES

bloehlein

Hi Irapua,

we're talking about clustered ONTAP, so sadly no qtree-level exports this time, just at the volume level.

Best regards,

Bernd

mrinal

Hi Bernd,

Have a look at this KB, https://kb.netapp.com/support/index?page=content&id=1013380&actp=LIST. It has a good explanation along with examples of how you can achieve your objective.

Hope this helps.

bloehlein

Hi Mrinal,

changing the unix-permissions of the root-volume to 771 did the trick...

st228::>  volume show -fields volume,unix-permissions,junction-path,policy
vserver   volume policy unix-permissions junction-path
--------- ------ ------ ---------------- -------------
test_bl_2 level1 no-nfs ---rwxrwxrwx     /level1
test_bl_2 level2 nfs    ---rwxrwxrwx     /level1/level2
test_bl_2 vsroot no-nfs ---rwxrwx--x     /
3 entries were displayed.

st228::>

Best regards,

Bernd
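
Added example, not part of the thread: a Python sketch that parses the two `volume show` tables posted above (embedded as sample input) and reports, for each junction path, whether the Unix "other" class can list (r) and traverse (x) every volume root above it. It models only POSIX mode bits, not export-policy evaluation, and the function names are hypothetical.

```python
# Sample input: the "volume show" table from the first post, and the same
# table with the vsroot mode from the last post (771) substituted in.
BEFORE = """\
vserver   volume policy unix-permissions junction-path
--------- ------ ------ ---------------- -------------
test_bl_2 level1 no-nfs ---rwxrwxrwx     /level1
test_bl_2 level2 nfs    ---rwxrwxrwx     /level1/level2
test_bl_2 vsroot no-nfs ---rwxrwxrwx     /
"""
AFTER = BEFORE.replace("vsroot no-nfs ---rwxrwxrwx", "vsroot no-nfs ---rwxrwx--x")


def parse_volumes(text):
    """Map junction path -> (volume, policy, mode) from 'volume show -fields' output."""
    rows = {}
    for line in text.splitlines():
        parts = line.split()
        # Data rows have five columns, a 12-character mode string
        # (3 special bits + rwx for user/group/other) and an absolute path.
        if len(parts) == 5 and len(parts[3]) == 12 and parts[4].startswith("/"):
            _vserver, volume, policy, mode, junction = parts
            rows[junction] = (volume, policy, mode)
    return rows


def ancestors(junction):
    """Junction paths of the volumes above `junction`, namespace root first."""
    parts = [p for p in junction.split("/") if p]
    return ["/"] + ["/" + "/".join(parts[:i]) for i in range(1, len(parts))]


def other_access(text):
    """For each non-root volume: [(parent, can_list, can_traverse), ...] for 'other'."""
    vols = parse_volumes(text)
    report = {}
    for junction in sorted(vols):
        if junction == "/":
            continue
        steps = []
        for parent in ancestors(junction):
            if parent in vols:  # plain directories are not in the table
                other = vols[parent][2][-3:]  # last three characters = 'other' class
                steps.append((parent, "r" in other, "x" in other))
        report[junction] = steps
    return report


if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("after", AFTER)):
        for junction, steps in other_access(table).items():
            print(label, junction, steps)
```

With the 771 root, "other" keeps traverse on / (so a known junction path still resolves) but loses the read bit needed to list the namespace root.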
