Tuesday, 4 August 2015

Some Rules for Translating 7-Mode Exports to cDOT Export Policy Rules

Focusing on sec=sys only and the possible combinations of ro, rw and root.

1) -sec=sys,ro
2) -sec=sys,rw
3) -sec=sys,ro=1.1.1.1
4) -sec=sys,rw=2.2.2.2
*) -sec=sys,root=3.3.3.3 (*Is actually rw,root=3.3.3.3)
*) -sec=sys,ro=4.4.4.4,rw=4.4.4.4 ( *IMPOSSIBLE!)
5) -sec=sys,ro=5.5.5.5,root=5.5.5.5
6) -sec=sys,rw=6.6.6.6,root=6.6.6.6
*) -sec=sys,ro=7.7.7.7,rw=7.7.7.7,root=7.7.7.7 (*IMPOSSIBLE!)

Other things in the cDOT Export Policy Rules not included below:

Access Protocol:
{Pretty much always = any}

User ID To Which Anonymous Users Are Mapped:
{Default = 65534, or specified by anon= in 7-Mode}

Honor SetUID Bits in SETATTR:
{Default = true; False if nosuid is specified in 7-Mode exports.}

Allow Creation of Devices:
{Pretty much always = true}

How to Translate the 7-Mode Exports to cDOT Export Policy Rules

1) -sec=sys,ro

Client Match...     : 0.0.0.0/0
RO Access Rule      : sys
RW Access Rule      : never
Superuser Sec. Types: none

2) -sec=sys,rw

Client Match...     : 0.0.0.0/0
RO Access Rule      : sys
RW Access Rule      : sys
Superuser Sec. Types: none

3) -sec=sys,ro=1.1.1.1

Client Match...     : 1.1.1.1
RO Access Rule      : sys
RW Access Rule      : never
Superuser Sec. Types: none

4) -sec=sys,rw=2.2.2.2

Client Match...     : 2.2.2.2
RO Access Rule      : sys
RW Access Rule      : sys
Superuser Sec. Types: none

5) -sec=sys,ro=5.5.5.5,root=5.5.5.5

Client Match...     : 5.5.5.5
RO Access Rule      : sys
RW Access Rule      : never
Superuser Sec. Types: sys

6)-sec=sys,rw=6.6.6.6,root=6.6.6.6

Client Match...     : 6.6.6.6
RO Access Rule      : sys
RW Access Rule      : sys
Superuser Sec. Types: sys

No comments:

Post a Comment