Sun System Handbook - ISO 3.4 June 2011 Internal/Partner Edition
Solution Type: Technical Instruction Sure Solution

1012672.1 : Using the approve file to provide security for Windows shares
PreviouslyPublishedAs 217425

Description

Beginning with NAS operating system release 4.11, the approve file functionality has been expanded beyond its original use of providing security for NFS exports. The same file can now also be used to provide host-level security for Windows shares.

Steps to Follow

Share access can be limited to an individual Windows workstation or a group of workstations. The restriction can be applied by IP address, host name, hostgroup or netgroup. This is useful when trying to provide share access to an individual workstation or group of workstations.

The process to configure hostgroups for securing Windows shares:

1. At the NAS head, create one or more hostgroups.
   Choose the following from the lefthand GUI window:
       unix configuration
       configure nfs
       set up hostgroups
       choose add icon under 'groups'

2. At the NAS head, add individual hosts to the respective hostgroups.
   Choose the following from the lefthand GUI window:
       unix configuration
       configure nfs
       set up hostgroups
       choose add icon under 'group members'
   NOTE: A host can be placed in more than 1 host group.

3. Once hostgroups are configured, the approve file must be HAND EDITED.
   Document ID: 83456, "Sun StorEdge[TM] 5210/5310 NAS Appliance : Editing the Approve file to add NFS exports...", provides the steps for moving the file from the NAS head to a host to perform the edits. It also provides greater detail on the format of the file. Below is the syntax for the changes that are specific to Windows shares.

The syntax for the share entry in the approve file is as follows:

    share <sharename> <ipaddr|hostname|@hostgroup|&netgroup> Access=<rw|ro|none>

These entries work the same way as the "files" entries for NFS EXCEPT that the default is to allow rw access. For example, if no entry is found, the client will be given rw access to the share.

Limiting access to a share to a single host or hostgroup requires multiple entries: one to grant access to the host or group and another to deny access to everyone else. In this example, a hostgroup called mygroup has been created and hosts added. rw access to the share 'myshare' has been granted to this hostgroup and denied for everyone else.

    ## open up to all hosts in 'mygroup'
    share myshare @mygroup access=rw
    ## deny access to everyone else
    share myshare @general access=none

Denying access to a group of hosts requires only a single entry. Here the hosts in the hostgroup 'badgroup' have been denied access to the share 'anothershare'.

    ## deny access to all hosts in hostgroup 'badgroup'
    share anothershare @badgroup access=none
    ## by default all others will have 'rw' access

Once the changes to the approve file have been made and the file has been transferred back to the NAS head as instructed in InfoDoc 83456, it is recommended that the NAS head be rebooted instead of just reloading the approve file. The reboot will cause the Windows side to update properly.

Product

Sun StorageTek 5310 NAS Gateway System
Sun StorageTek 5310 NAS Appliance
Sun StorageTek 5210 NAS Appliance
Sun StorageTek 5320

5210, 5310, 5320, approve file, hostgroup, security

Previously Published As 86676

Change History

Date: 2006-09-01
User Name: 71396
Action: Approved
Comment: Performed final review of article Updated trademarking, Changed audience from free to contract per FVF Publishing
Version: 3

Date: 2006-08-18
User Name: 71396
Action: Accept
Comment:
Version: 0

Date: 2006-08-18
User Name: 75704
Action: Approved
Comment: corrected spelling error and removed redundant by default
Version: 0

Date: 2006-08-18
User Name: 119902
Action: Approved
Comment: please review for technical accuracy
Version: 0

Date: 2006-08-18
User Name: 119902
Action: Created
Comment:
Version: 0

Product_uuid

8a8b6eeb-092e-11da-99bc-080020a9ed93|Sun StorageTek 5310 NAS Gateway System
63654ce5-f88d-11d8-ab63-080020a9ed93|Sun StorageTek 5310 NAS Appliance
d4e4fc3d-7c3f-11d8-9e3a-080020a9ed93|Sun StorageTek 5210 NAS Appliance
9d23ea64-a8be-11da-85b4-080020a9ed93|Sun StorageTek 5320

Attachments

This solution has no attachment
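
Because share entries default to rw when no entry matches, a share that lacks a deny entry for everyone else stays open to unlisted hosts. The following is an added example, not part of the original Sun document or the NAS software: it parses share entries in the syntax shown above and lists the shares where that default still applies, so each can be confirmed as intentional. It assumes @general is the "everyone else" hostgroup, as in the article's example, and the sample file content is constructed.

```python
import re
from collections import defaultdict

# Constructed sample approve-file content, modeled on the article's examples.
SAMPLE_APPROVE = """\
## open up to all hosts in 'mygroup'
share myshare @mygroup access=rw
## deny access to everyone else
share myshare @general access=none
## deny access to all hosts in hostgroup 'badgroup'
share anothershare @badgroup access=none
share finance 192.0.2.10 Access=ro
"""

# share <sharename> <ipaddr|hostname|@hostgroup|&netgroup> access=<rw|ro|none>
# The article writes both "Access=" and "access=", so matching ignores case.
ENTRY_RE = re.compile(r"^share\s+(\S+)\s+(\S+)\s+access=(rw|ro|none)$", re.IGNORECASE)
CATCH_ALL = "@general"  # assumption: the "everyone else" group from the article's example


def parse_share_entries(text):
    """Return ({share: [(target, access), ...]}, [line numbers of malformed share entries])."""
    shares, malformed = defaultdict(list), []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not re.match(r"share\s", line, re.IGNORECASE):
            continue  # comments, blanks and non-share (e.g. NFS) entries are out of scope
        m = ENTRY_RE.match(line)
        if m:
            shares[m.group(1)].append((m.group(2), m.group(3).lower()))
        else:
            malformed.append(lineno)
    return dict(shares), malformed


def default_open_shares(shares):
    """Shares with no catch-all deny entry: unlisted hosts keep the default rw access."""
    return sorted(
        name for name, entries in shares.items()
        if (CATCH_ALL, "none") not in entries
    )


if __name__ == "__main__":
    parsed, bad = parse_share_entries(SAMPLE_APPROVE)
    for name in default_open_shares(parsed):
        print(f"{name}: unlisted hosts still get rw (no {CATCH_ALL} access=none entry)")
    for n in bad:
        print(f"line {n}: malformed share entry")
```

On the sample, 'anothershare' and 'finance' are reported; for 'anothershare' that matches the article's stated intent, while 'finance' shows a read-only grant that leaves every other host with rw.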