ONTAP Discussions

how to set a cifs volume/share read only

FelixZhou
4,656 Views

We are on ONTAP 9.7 on AFF300, currently we have a need to set a CIFS volume or shares as read only. is there a simple way to do so?

On EMC, we can simply set file system mount option as read only. after migrated to NetApp, we couldn't find same way.

We have growing shares, after certain size, we will run final backup, set it as read only, then create a new share on new volume.

Can you please share if you have experience on this?

thanks. 

1 ACCEPTED SOLUTION

jcolonfzenpr
4,619 Views

Export policies and it rules are created at SVM level but can be applied at various levels; SVM, volume or qtree at mount points

 

Look for nfs export policies documentation.

 

I always do this type of experiments with the netapp simulator first.

 

kindly,

Jon.

Jonathan Colón | Blog | Linkedin

View solution in original post

6 REPLIES 6

FelixZhou
4,646 Views

thanks, good information. 

is that possible to apply the export policy roles to volumes instead of SVM?

We have multiple volumes under same SVM but only some of them wanted to set read only.

jcolonfzenpr
4,620 Views

Export policies and it rules are created at SVM level but can be applied at various levels; SVM, volume or qtree at mount points

 

Look for nfs export policies documentation.

 

I always do this type of experiments with the netapp simulator first.

 

kindly,

Jon.

Jonathan Colón | Blog | Linkedin

paul_stejskal
4,565 Views

You can also set the volume itself read only. Unless ONTAP has changed you should be able to still mount a CIFS share.

adimitropoulos
4,648 Views

You can simple set the share permissions to "read" to everyone and file level permissions to"read only" to everyone or specifically to the group of users you want to have access on the share.

 

 

FelixZhou
4,644 Views

thanks.

that can be an option.

AS SAN team, we are only managing the storage, we thought it is better to limit the volume as read only on storage instead of shares.

in case they can create new shares without noticing SAN team.

Public