ONTAP Discussions

What is the difference between the superuser parameter sys and any in NFS export file



Can someone help me to understand the difference between the superuser "sys" and "any"?

We are on Data OnTap  9.3P6.

From the command line, there is any and sys options;

cluster::> export-policy rule modify -vserver xxxxx -policyname xxxxx -clientmatch xxxxxx -superuser
any none krb5 krb5i krb5p ntlm sys


If I use the sys parameter then the root permission is allowed but on the OnCommand System Manager GI, the client in the export policy shows UNIX at "Superuser Access" role but without the check mark on the "Allow Superuser Access".

But when I use "any" parameter then "Superuser Access" role at System Manager shows "any" with the check mark on the "Allow Superuser Access".

So what is the criteria to select "sys" or "any"?

Should I use the command line or System manager to setup the export file?

I found the artical of export-policy OnTap 9 documentation Center but it would not help me at all. 


Thank you.







sys: A matching client can access the volume if it is authenticated by NFS AUTH_SYS.

any: A matching client can access the volume regardless of security type.


So basicly "sys" works fine with classic NFSv3 access. If you start using Kerberos it won't work anymore.



Thanks your inforamtion.

We don't use Kerberos for the authentication. Usually we use System Manger to setup export file so the ROOT access option alway been checked. 

Can I say this is the inconsistance between  command line and System Manger?



NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner