VNX NFS host access level

New finding :

Adding new host to the root level, and the read-write, then removing it frm the root, will keep the read-write, but it has to be added to root first.

not sure If Im explaning the issue clearly here, but it is just sounds weird to me.

Thats how NFS works

Any root user (UID=0) gets mapped to anon unless that client is specified as trustworthy by being included in root=

That is on top of the usual rw=,ro= clauses

So if cases where your client works as a root user you need both

I suggest to take a look at the appendix of the “Managing NFS on VNX” manual – available from Powerlink – its got a table with the effects of these options

A good book like the classic “NFS and NIS” by Hal Stern wouldn’t hurt either

Rainer

Hi,

Adding to "Aladdin's" info, if we reverse the situation, then what will be the impact?

What if we have a export which has all access/rw/root permissions and later we remove "rw" from the export and leave the "root" as it is, will there be a problem? I believe yes but I don't have a test environment to do try this.

Will customer be able to perform read/write operations?

Cheers,

Jeethendra

Yes

Please see the appendix of the Managing NFS on VNX manual – available from support.emc.com – for a detailed description on how the export options work and interact

The root clause alone doesn’t grant access – it merely defines whether UID 0 is mapped to 0 or not

If I want to give RO access to a netgroup, should we just add it to RO or both root and RO? Thanks

yes - Appendix A in the manual goes into details about the combination of export options

Have a look at the document Rainer mentioned, Managing NFS on VNX.  There's a table called "Access Mode combinations" that specifically describes what combinations of modes do

Let us know if that helps!

Karl

Thanks for this info Rainer and Karl. Appendix A seems to be very useful but little confusing on the term "Do not Specify". I have this situation.

We have two netgroups : " itg_usg_logreview_rw " need RW access and "itg_usg_logreview_ro" for RO access.

Which of the below commands perfect to achieve this task?

*****************************************************************

server_export vdmxxxx-P nfs -option sec=sys

access=itg_usg_logreview_rw:itg_usg_logreview_ro

rw=itg_usg_logreview_rw:itg_usg_logreview_ro

root=itg_usg_logreview_rw /fs_xxxx/export_name

Note: I am not adding "itg_usg_logreview_ro" to "root=" and just adding in "rw=". From previous chain of this discussion, I believe, exports which are not specified in "root=" and just specified in "rw=" get a RO permisions. Correct me If I am wrong.

**************************************************************************

*******************************************************

This command below is As per Appendix A  (Row 9) of document:

server_export vdmxxxx-P nfs -option sec=sys

access=itg_usg_logreview_rw:itg_usg_logreview_ro

rw=itg_usg_logreview_rw

ro=itg_usg_logreview_ro

root=itg_usg_logreview_rw /fs_xxxx/export_name

***************************************************************

Row 10 also seems to be better but not sure how to use this combination to achieve my task.

Please help!!

Thanks you very much in advance

see table 3 for the fundamental workings of the different options.

for you case you can either use rw= and ro= or rw= and access=

they both have the same effect

I prefer rw/ro since its easier to read and understand