More Examples of 7MTT (2.0) Translating NFS Exports

on
This post expands on Examples of 7MTT 1.4 Translating NFS Exports. Something missing from that post was how to handle ro=.

We have this exported qtree on a 7-Mode system (line from rdfile /etc/exports):

/vol/VOLUME001/QTREE001
-sec=sys,
ro=172.0.0.0/8:129.0.0.0/8:128.0.0.0/7:128.129.130.131,
rw=svr01.domain.priv:svr02.domain.priv,
root=svr01.domain.priv:svr02.domain.priv:172.0.0.0/8:129.0.0.0/8:128.0.0.0/7:128.129.130.131

Which 7MTT translates to the 6 rules displayed below.
The only difference between hosts specified ro or rw, is -
ro hosts have: RW Access Rule: never
rw hosts have: RW Access Rule: sys
- and notice how the ro hosts have later indices (since export rules are processed from top {1} to bottom).

::> vserver export-policy rule show -policyname EXPORTPOL10 -instance

                     Vserver: SVM1
                 Policy Name: EXPORTPOL10
                  Rule Index: 1
             Access Protocol: any
            Client Match ...: svr01.domain.priv
              RO Access Rule: sys
              RW Access Rule: sys
      ... Anon. Users Mapped: 65534
    Superuser Security Types: sys
Honor SetUID Bits in SETATTR: true
   Allow Creation of Devices: true

                     Vserver: SVM1
                 Policy Name: EXPORTPOL10
                  Rule Index: 2
             Access Protocol: any
            Client Match ...: svr02.domain.priv
              RO Access Rule: sys
              RW Access Rule: sys
      ... Anon. Users Mapped: 65534
    Superuser Security Types: sys
Honor SetUID Bits in SETATTR: true
   Allow Creation of Devices: true

                     Vserver: SVM1
                 Policy Name: EXPORTPOL10
                  Rule Index: 3
             Access Protocol: any
            Client Match ...: 172.0.0.0/8
              RO Access Rule: sys
              RW Access Rule: never
      ... Anon. Users Mapped: 65534
    Superuser Security Types: sys
Honor SetUID Bits in SETATTR: true
   Allow Creation of Devices: true

                     Vserver: SVM1
                 Policy Name: EXPORTPOL10
                  Rule Index: 4
             Access Protocol: any
            Client Match ...: 129.0.0.0/8
              RO Access Rule: sys
              RW Access Rule: never
      ... Anon. Users Mapped: 65534
    Superuser Security Types: sys
Honor SetUID Bits in SETATTR: true
   Allow Creation of Devices: true

                     Vserver: SVM1
                 Policy Name: EXPORTPOL10
                  Rule Index: 5
             Access Protocol: any
            Client Match ...: 128.0.0.0/7
              RO Access Rule: sys
              RW Access Rule: never
      ... Anon. Users Mapped: 65534
    Superuser Security Types: sys
Honor SetUID Bits in SETATTR: true
   Allow Creation of Devices: true

                     Vserver: SVM1
                 Policy Name: EXPORTPOL10
                  Rule Index: 6
             Access Protocol: any
            Client Match ...: 128.129.130.131
              RO Access Rule: sys
              RW Access Rule: never
      ... Anon. Users Mapped: 65534
    Superuser Security Types: sys
Honor SetUID Bits in SETATTR: true
   Allow Creation of Devices: true

6 entries were displayed.

Comments

Post a Comment