Working with a new customer today and they are extremely security conscious. They would prefer to specify a non-root user instead of root in /etc/exports. I seem to recall we used to suggest changing this in ESX many, many revs of TR-3428 ago but can no longer find it. Is it possible, and if so, how is it done? If not, is there a limitation where ESX must use root?
As far as I have seen, root access is crucial in some cases. I've met a problem on vSphere 5.x (Ess+) where, without root access, the datastore sometimes keeps meta information of accessing hosts through the takeover-giveback process, so the NFS share becomes RO. (File-level RO, so I was able to create files and directories through the datastore browser but was unable to write even one byte to files, no matter whether newly created or existing before.)
After giving root access to the share for the hosts of the ESX cluster, operation returned to normal.
So better to give root access for ESX hosts, and better to write it in stone (/etc/exports).
And for sure, the SAN network for the vSphere cluster must be an isolated VLAN, optimally physically inaccessible from outer networks. (Nothing for BlackBerry Mr. Stetson - just a healthy level of paranoia)
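
An added example, not part of either post above: a small Python audit that compares export lines against the list of ESX hosts, flagging ESX hosts that lack root= and any root or rw grant reaching hosts outside the cluster. The export syntax (colon-separated hosts in rw= and root=, as in Data ONTAP 7-Mode), the paths and the addresses are assumptions constructed for illustration.

```python
# Added example: audit exports so that root= covers the ESX hosts and nobody else.
# Syntax, paths and addresses below are constructed assumptions, not from the thread.

SAMPLE_EXPORTS = """\
# constructed sample, not from a real filer
/vol/vmware_ds1 -sec=sys,rw=10.0.0.11:10.0.0.12,root=10.0.0.11:10.0.0.12
/vol/vmware_ds2 -sec=sys,rw=10.0.0.11:10.0.0.12,root=10.0.0.11
/vol/vmware_ds3 -sec=sys,rw=10.0.0.11:10.0.0.12:10.0.0.50,root=10.0.0.11:10.0.0.12:10.0.0.50
/vol/vmware_ds4 -sec=sys,rw,root=10.0.0.11:10.0.0.12
"""


def parse_exports(text):
    """Return {path: {option: hosts}}; hosts is a set, or None for a bare option such as 'rw'."""
    exports = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, _, opts = line.partition(" ")
        parsed = {}
        for opt in opts.strip().lstrip("-").split(","):
            key, sep, value = opt.partition("=")
            if key:
                parsed[key] = set(value.split(":")) if sep else None
        exports[path] = parsed
    return exports


def audit(text, esx_hosts):
    """Return sorted (path, issue, hosts) findings for exports that deviate from the ESX host list."""
    esx = set(esx_hosts)
    findings = []
    for path, opts in parse_exports(text).items():
        root = opts.get("root") or set()  # missing or bare root is treated as no root hosts
        rw = opts.get("rw", set())
        if esx - root:
            findings.append((path, "esx-host-without-root", sorted(esx - root)))
        if root - esx:
            findings.append((path, "root-for-non-esx-host", sorted(root - esx)))
        if rw is None:  # bare 'rw' means read-write for every client
            findings.append((path, "rw-open-to-all-hosts", []))
        elif rw - esx:
            findings.append((path, "rw-for-non-esx-host", sorted(rw - esx)))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORTS, ["10.0.0.11", "10.0.0.12"]):
        print(finding)
```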