ONTAP Discussions

what rule options I should use to allow client root has root privilege?


when I run mount vs2:/.admin /mnt/vs2rw as root, and then touch a file, I got permission denied  error.


the following is the rule instance, what should I modify?

                                    Vserver: vs1

                                Policy Name: policy_test



                                 Rule Index: 1
                            Access Protocol: nfs
Client Match Hostname, IP Address, Netgroup, or Domain: x.x.x.x

                             RO Access Rule: any
                             RW Access Rule: any
User ID To Which Anonymous Users Are Mapped: 65534
                   Superuser Security Types: sys
               Honor SetUID Bits in SETATTR: true
                  Allow Creation of Devices: true



give "-anon" parameters value as '0' ( only for the rule with client match x.x.x.x which is the client that you want to enable root access)

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
Cannot find the answer you need? No need to open a support case - just CHAT and we’ll handle it for you.


give "-anon" parameters value as '0'

Be aware this can seriously break access to exported filesystem. I hit this when setting up Simpana (SnapProtect) Oracle/SAP agent that must be run under specific group. Using anon=0 will change user ID but leave group ID that for anonymous user.


Using root=XXX (or -superuser in case of cDOT) fixed it.

NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner