3 Replies Latest reply: Feb 14, 2013 11:44 PM by bloehlein RSS

Restricting NFS-Access to specific volumes

bloehlein Sprinter
Currently Being Moderated

Hi,

 

I'm trying to restrict the nfs access to volumes mounted in 1st or 2nd level of the namespace, but the linux client let's me mount all volumes and the client also sees all files.

 

I'm using clustered ONTAP 8.1.2P1 and defined two export policies, one called no-nfs allowing no access at all and the other one called nfs giving access to the volumes...

 

st228::*> volume show -fields volume,unix-permissions,junction-path,policy
vserver   volume policy unix-permissions junction-path
--------- ------ ------ ---------------- -------------
test_bl_2 level1 no-nfs ---rwxrwxrwx     /level1
test_bl_2 level2 nfs    ---rwxrwxrwx     /level1/level2
test_bl_2 vsroot no-nfs ---rwxrwxrwx     /
3 entries were displayed.


st228::*> export-policy rule show -policyname no-nfs -fields vserver,policyname,ruleindex,protocol,clientmatch,rorule,rwrule,superuser,anon
  (vserver export-policy rule show)
vserver   policyname ruleindex protocol clientmatch rorule rwrule anon  superuser
--------- ---------- --------- -------- ----------- ------ ------ ----- ---------
test_bl_2 no-nfs     1         nfs      0.0.0.0/0   none   none   65534 none


st228::*> export-policy rule show -policyname nfs -fields vserver,policyname,ruleindex,protocol,clientmatch,rorule,rwrule,superuser,anon
  (vserver export-policy rule show)
vserver   policyname ruleindex protocol clientmatch rorule rwrule anon  superuser
--------- ---------- --------- -------- ----------- ------ ------ ----- ---------
test_bl_2 nfs        1         nfs      0.0.0.0/0   any    any    65534 none

 

Is there anything else I have to do?

 

Best regards,

 

Bernd

More Like This

  • Retrieving data ...

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points