Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products

PowerProtect Data Manager 19.15 Kubernetes User Guide

Support Network File System (NFS) root squashing

Using root squashing on a Network File System (NFS) volume prevents remote root users from having root access to the volume. Without additional configuration to support NFS root squashing, these volumes cannot be backed up or restored.

Prerequisites

All files and folders on the NFS volume must be owned by the same owner and group. If any file or folder on the volume uses a different user identifier (UID) or group identifier (GID), backups fail.

Steps

  1. Create a storage class with root-client access enabled. For example, set the property RootClientEnabled when creating a PowerScale/Isilon storage class.
  2. Create a ConfigMap named ppdm-root-access-storage-class-mapping in the PowerProtect namespace.
  3. In the data section of the ConfigMap, add a storage-class mapping in the following format:

    name of storage class with root-client access disabled: name of storage class with root-client access enabled

    For example, to map isilon-root-squashing-sc to isilon-allow-backups-sc, type:

    isilon-root-squashing-sc: isilon-allow-backups-sc

    NOTE:During the restore of root squashed volumes, the data mover pod (cproxy) runs with the UID of the file owner that is captured during backup. When using storage class mapping during the restore of root squashed volume backups, ensure that the CSI driver for the target storage class sets the permissions for the PVC volume path in a manner that allows writes from pods running as nonroot. CSI drivers allow setting volume path permissions as part of the driver configuration, or as parameters in storage class. Check your CSI driver documentation for more information.

Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\