Unsolved
This post is more than 5 years old
6 Posts
0
6517
VNX NFS host access level
Hello Gurus,
Im still new to EMC world.
We have got a new VNX, in the new NFS share, which ever hosts we put in rw field, they still get read only, unless we put them in the root access field as well.
Is that how NFS export works in nfs? I have to put all the hosts in root access level, so they can have read and write?
What Im trying to acheive is to give read/write permission to a set of hosts?
I read the NFS guide for VNX, and still not able to differentiate the root access hosts from the read write, as in other NAS flavor, you dont see the root option.
Thanks
Al
Aladdin_Ab
6 Posts
0
August 31st, 2012 02:00
New finding :
Adding new host to the root level, and the read-write, then removing it frm the root, will keep the read-write, but it has to be added to root first.
not sure If Im explaning the issue clearly here, but it is just sounds weird to me.
Rainer_EMC
8.6K Posts
0
August 31st, 2012 03:00
Thats how NFS works
Any root user (UID=0) gets mapped to anon unless that client is specified as trustworthy by being included in root=
That is on top of the usual rw=,ro= clauses
So if cases where your client works as a root user you need both
I suggest to take a look at the appendix of the “Managing NFS on VNX” manual – available from Powerlink – its got a table with the effects of these options
A good book like the classic “NFS and NIS” by Hal Stern wouldn’t hurt either
Rainer
Jeethendra_seth
10 Posts
0
June 23rd, 2015 03:00
Hi,
Adding to "Aladdin's" info, if we reverse the situation, then what will be the impact?
What if we have a export which has all access/rw/root permissions and later we remove "rw" from the export and leave the "root" as it is, will there be a problem? I believe yes but I don't have a test environment to do try this.
Will customer be able to perform read/write operations?
Cheers,
Jeethendra
Rainer_EMC
8.6K Posts
0
June 23rd, 2015 03:00
Yes
Please see the appendix of the Managing NFS on VNX manual – available from support.emc.com – for a detailed description on how the export options work and interact
The root clause alone doesn’t grant access – it merely defines whether UID 0 is mapped to 0 or not
Jeethendra_seth
10 Posts
0
October 20th, 2015 22:00
If I want to give RO access to a netgroup, should we just add it to RO or both root and RO? Thanks
Rainer_EMC
8.6K Posts
0
October 21st, 2015 06:00
yes - Appendix A in the manual goes into details about the combination of export options
umichklewis
1.2K Posts
0
October 21st, 2015 06:00
Have a look at the document Rainer mentioned, Managing NFS on VNX. There's a table called "Access Mode combinations" that specifically describes what combinations of modes do
Let us know if that helps!
Karl
Jeethendra_seth
10 Posts
0
October 21st, 2015 19:00
Thanks for this info Rainer and Karl. Appendix A seems to be very useful but little confusing on the term "Do not Specify". I have this situation.
We have two netgroups : " itg_usg_logreview_rw " need RW access and "itg_usg_logreview_ro" for RO access.
Which of the below commands perfect to achieve this task?
*****************************************************************
server_export vdmxxxx-P nfs -option sec=sys
access=itg_usg_logreview_rw:itg_usg_logreview_ro
rw=itg_usg_logreview_rw:itg_usg_logreview_ro
root=itg_usg_logreview_rw /fs_xxxx/export_name
Note: I am not adding "itg_usg_logreview_ro" to "root=" and just adding in "rw=". From previous chain of this discussion, I believe, exports which are not specified in "root=" and just specified in "rw=" get a RO permisions. Correct me If I am wrong.
**************************************************************************
*******************************************************
This command below is As per Appendix A (Row 9) of document:
server_export vdmxxxx-P nfs -option sec=sys
access=itg_usg_logreview_rw:itg_usg_logreview_ro
rw=itg_usg_logreview_rw
ro=itg_usg_logreview_ro
root=itg_usg_logreview_rw /fs_xxxx/export_name
***************************************************************
Row 10 also seems to be better but not sure how to use this combination to achieve my task.
Please help!!
Thanks you very much in advance
Rainer_EMC
8.6K Posts
0
October 22nd, 2015 13:00
see table 3 for the fundamental workings of the different options.
for you case you can either use rw= and ro= or rw= and access=
they both have the same effect
I prefer rw/ro since its easier to read and understand
Jeethendra_seth
10 Posts
0
October 26th, 2015 21:00
Thank you so much Rainer.