Sun Microsystems, Inc.  Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-71-1380158.1
Update Date:2012-07-09
Keywords:

Solution Type  Technical Instruction Sure

Solution  1380158.1 :   Sun Storage 7000 Unified Storage System: NFS exceptions for root squash to nobody user  


Related Items
  • Sun Storage 7310 Unified Storage System
  •  
  • Sun Storage 7410 Unified Storage System
  •  
  • Sun ZFS Storage 7120
  •  
  • Sun Storage 7110 Unified Storage System
  •  
  • Sun ZFS Storage 7320
  •  
  • Sun ZFS Storage 7420
  •  
  • Sun Storage 7210 Unified Storage System
  •  
Related Categories
  • PLA-Support>Sun Systems>DISK>NAS>SN-DK: 7xxx NAS
  •  




In this Document
Goal
Fix


Applies to:

Sun Storage 7210 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7110 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7310 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7410 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun ZFS Storage 7320 - Version Not Applicable to Not Applicable [Release N/A]
7000 Appliance OS (Fishworks)

Goal

By default, using NFS as access protocol, no host has root access to the exported data. This article describes how to set up a host or list based rule in the ZFS 7000 appliance for granting root privileges to a NFS share.

Fix

By default all NFS activity done from clients mapping a share as root superuser will downgrade root user permission specs by mapping this to nobody user (least privileges on share). However in certain conditions, it may be necessary to keep these superuser permissions enabled for operations over NFS shares.

Allowing root access to the project or share can be done for specific hosts, entire nominated domains, or particular network segments. This can be achieved by:

  • From the BUI  "Shares" screen select the project or filesystem share for which root privileges should be preserved for NFS
  • select the Protocols section for the above project or filesystem share
  • Under NFS Exceptions add the new policy and define the corresponding fields. Choose the type to be host or netgroup, DNS domain or network segment. Enter the details for the chosen type in the "Entity" field, select the "Access mode" and "Charset", then make sure to check the "Root access" checkbox
  • Apply the new settings

WARNING: Please be sure that allowing root access for a particular entity is really what you need to do.  Doing so obviously may compromise the security of the data held on the shares.  It is also possible to cause problems with permissions for other users of the share by injudicious changing of file access modes or ACLs by a client who has superuser privileges.


Attachments
This solution has no attachment
  Copyright © 2012 Sun Microsystems, Inc.  All rights reserved.
 Feedback