What is the difference between the superuser parameter sys and any in NFS export file

chi · ‎2018-11-01

Hi,

Can someone help me to understand the difference between the superuser "sys" and "any"?

We are on Data OnTap 9.3P6.

From the command line, there is any and sys options;

cluster::> export-policy rule modify -vserver xxxxx -policyname xxxxx -clientmatch xxxxxx -superuser
any none krb5 krb5i krb5p ntlm sys

If I use the sys parameter then the root permission is allowed but on the OnCommand System Manager GI, the client in the export policy shows UNIX at "Superuser Access" role but without the check mark on the "Allow Superuser Access".

But when I use "any" parameter then "Superuser Access" role at System Manager shows "any" with the check mark on the "Allow Superuser Access".

So what is the criteria to select "sys" or "any"?

Should I use the command line or System manager to setup the export file?

I found the artical of export-policy OnTap 9 documentation Center but it would not help me at all.

Thank you.

Chi

moep · ‎2018-11-02

sys: A matching client can access the volume if it is authenticated by NFS AUTH_SYS.

any: A matching client can access the volume regardless of security type.

So basicly "sys" works fine with classic NFSv3 access. If you start using Kerberos it won't work anymore.

chi · ‎2018-11-02

Hi,

Thanks your inforamtion.

We don't use Kerberos for the authentication. Usually we use System Manger to setup export file so the ROOT access option alway been checked.

Can I say this is the inconsistance between command line and System Manger?

Chi

What is the difference between the superuser parameter sys and any in NFS export file

NetApp's KB Wins Again!

Open File Handle Parameter

NFS exports to different sets of systems on the same SVM

nfs exports

FAS2552 Bios BSD and Bootloader files

how to edit etc/exports file