Network and Storage Protocols

NFS:root option

ashutosh83

Hi All

I am trying to understand what the purpose of using the root access restriction option is while exporting an NFS share.

As per http://now.netapp.com/NOW/knowledge/docs/ontap/rel701r1_gf/html/ontap/filesag/2nfs3.htm If you specify a host with the root option, the root user on that host keeps the root UID (0) when accessing the resource.

Doesn't the root user have the UID 0?

Regards

Ashutosh

2 REPLIES 2

ashutosh83
  • By default, the anon option specifies a UID of 65534. That is, if you do not use the root and anon options for a resource, root users on all hosts access the resource using the UID 65534.
  • If the anon option specifies a UID of 65535, root access is disabled.
  • If the anon option specifies a UID of 0, root access is granted to all hosts.
  • If a name is provided instead of a UID, that name is looked up  according to the order specified in the /etc/nsswitch.conf file to  determine the corresponding UID to be assigned by the anon option.

Clarifies it. Is there anything else that I am missing to understand?

rmharwood

The root option gives the root user on an NFS client full privileges on the export. Otherwise, the root user, as you said effectively gets mapped to a UID corresponding to "nobody", a user that has no special privileges.

You may use it if you want to prevent someone who has root access on a client system from making changes on the filesystem. To be honest, it is not widely used these days.

Richard

Announcements
Register for Insight 2021 Digital

INSIGHT 2021 Digital: Meet the Specialists 2

On October 20-22, gear up for a fully digital, totally immersive virtual experience with a downright legendary lineup of world-renowned specialists. Tune in for visionary conversations, solution deep dives, technical sessions and more.

NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public