First of all, I want to thank you for your prompt reply. I really thought that you were onto something, but unfortunately the listed command is not really like "exportfs -c". Let me set up a scenario to describe our need. We use netgroups heavily to configure rw, ro and root access to filesystems. Let's say I have these simple netgroups.
readonly (host1,,)
readwrite (host2,,) (host3,,)
root (host2,,)
IPs are:
host1 9.9.9.1
host2 9.9.9.2
host3 9.9.9.3
If I configure a policy that is the equivalent of:
/vol/VOL/QT -sys=sec,ro=@readonly,rw=@readwrite:@root,root=@root
In 7-mode if I run these commands I get:
# exportfs -c 9.9.9.2 /vol/VOL/QT rw
exportfs: 9.9.9.2 has rw access to /vol/VOL/QT
# exportfs -c 9.9.9.1 /vol/VOL/QT rw
exportfs: 9.9.9.1 does not have rw access to /vol/VOL/QT (Access denied)
In cDOT if I run what appears to be the equivalent command I get:
# vserver export-policy rule show -vserver MyVs -policyname MyPolicy -rwrule sys -clientmatch 9.9.9.2
There are no entries matching your query.
I also ran it without the "-rwrule sys" hoping that it would show me all matching rules, but I got the same result. The only success I can get is if I specify "-clientmatch @readwrite", but that's not helpful.
We have rare situations where, using the above hosts as an example, the forward and reverse lookups for a host don't match.
# host hosts
host2 has address 9.9.9.2
# host 9.9.9.2
2.9.9.9.in-addr.arpa domain name pointer otherhost
I need to be able to run the equivalent of "exportfs -c" against hosts that are in netgroups to ensure that the access is what I believe it to be. "exportfs -c" will correctly report that host2 (9.9.9.2) does not have access, but the "vserver export policy rule show..." command won't find that host or IP even if it resolves correctly, under these circumstances. Apparently "-clientmatch" is limited to matching only entries that are explicitly called out in a rule, and will not handle the situation where a host is part of a netgroup. I need a command that is the equivalent of "exportfs -c" in order to validate netgroup changes per our procedures. Please advise.