ONTAP Discussions

What is the difference between the superuser parameter sys and any in NFS export file

chi
4,704 Views

Hi,

Can someone help me to understand the difference between the superuser "sys" and "any"?

We are on Data OnTap  9.3P6.

From the command line, there is any and sys options;

cluster::> export-policy rule modify -vserver xxxxx -policyname xxxxx -clientmatch xxxxxx -superuser
any none krb5 krb5i krb5p ntlm sys

 

If I use the sys parameter then the root permission is allowed but on the OnCommand System Manager GI, the client in the export policy shows UNIX at "Superuser Access" role but without the check mark on the "Allow Superuser Access".

But when I use "any" parameter then "Superuser Access" role at System Manager shows "any" with the check mark on the "Allow Superuser Access".

So what is the criteria to select "sys" or "any"?

Should I use the command line or System manager to setup the export file?

I found the artical of export-policy OnTap 9 documentation Center but it would not help me at all. 

 

Thank you.

 

Chi

 

 

2 REPLIES 2

moep
4,639 Views

sys: A matching client can access the volume if it is authenticated by NFS AUTH_SYS.

any: A matching client can access the volume regardless of security type.

 

So basicly "sys" works fine with classic NFSv3 access. If you start using Kerberos it won't work anymore.

chi
4,601 Views

Hi,

Thanks your inforamtion.

We don't use Kerberos for the authentication. Usually we use System Manger to setup export file so the ROOT access option alway been checked. 

Can I say this is the inconsistance between  command line and System Manger?

 

Chi

Public