This post expands on Examples
of 7MTT 1.4 Translating NFS Exports. Something missing from that post was how
to handle ro=.
We have this exported qtree on a 7-Mode system (line from
rdfile /etc/exports):
/vol/VOLUME001/QTREE001
-sec=sys,
ro=172.0.0.0/8:129.0.0.0/8:128.0.0.0/7:128.129.130.131,
rw=svr01.domain.priv:svr02.domain.priv,
root=svr01.domain.priv:svr02.domain.priv:172.0.0.0/8:129.0.0.0/8:128.0.0.0/7:128.129.130.131
Which 7MTT translates to the 6 rules displayed below.
The only difference between hosts specified ro or rw, is
-
ro hosts have: RW Access Rule: never
rw hosts have: RW Access Rule: sys
- and notice how the ro hosts have later indices (since
export rules are processed from top {1} to bottom).
::>
vserver export-policy rule show -policyname EXPORTPOL10 -instance
Vserver: SVM1
Policy Name: EXPORTPOL10
Rule Index: 1
Access Protocol: any
Client Match ...: svr01.domain.priv
RO Access Rule: sys
RW Access Rule: sys
... Anon. Users Mapped: 65534
Superuser Security Types: sys
Honor
SetUID Bits in SETATTR: true
Allow Creation of Devices: true
Vserver: SVM1
Policy Name: EXPORTPOL10
Rule Index: 2
Access Protocol: any
Client Match ...: svr02.domain.priv
RO Access Rule: sys
RW Access Rule: sys
... Anon. Users Mapped: 65534
Superuser Security Types: sys
Honor
SetUID Bits in SETATTR: true
Allow Creation of Devices: true
Vserver: SVM1
Policy Name: EXPORTPOL10
Rule Index: 3
Access Protocol: any
Client Match ...: 172.0.0.0/8
RO Access Rule: sys
RW Access Rule: never
... Anon. Users Mapped: 65534
Superuser Security Types: sys
Honor
SetUID Bits in SETATTR: true
Allow Creation of Devices: true
Vserver: SVM1
Policy Name: EXPORTPOL10
Rule Index: 4
Access Protocol: any
Client Match ...: 129.0.0.0/8
RO Access Rule: sys
RW Access Rule: never
... Anon. Users Mapped: 65534
Superuser Security Types: sys
Honor
SetUID Bits in SETATTR: true
Allow Creation of Devices: true
Vserver: SVM1
Policy Name: EXPORTPOL10
Rule Index: 5
Access Protocol: any
Client Match ...: 128.0.0.0/7
RO Access Rule: sys
RW Access Rule: never
... Anon. Users Mapped: 65534
Superuser Security Types: sys
Honor
SetUID Bits in SETATTR: true
Allow Creation of Devices: true
Vserver: SVM1
Policy Name: EXPORTPOL10
Rule Index: 6
Access Protocol: any
Client Match ...: 128.129.130.131
RO Access Rule: sys
RW Access Rule: never
... Anon. Users Mapped: 65534
Superuser Security Types: sys
Honor
SetUID Bits in SETATTR: true
Allow Creation of Devices: true
6
entries were displayed.
Comments
Post a Comment