Sun Storage 7310 Unified Storage System
 
Sun Storage 7410 Unified Storage System
 
Sun ZFS Storage 7120
 
Sun Storage 7110 Unified Storage System
 
Sun ZFS Storage 7320
 
Sun ZFS Storage 7420
 
Sun Storage 7210 Unified Storage System
 

PLA-Support>Sun Systems>DISK>NAS>SN-DK: 7xxx NAS
 

In this Document

Goal

Fix

Applies to:

Goal

By default, using NFS as access protocol, no host has root access to the exported data. This article describes how to set up a host or list based rule in the ZFS 7000 appliance for granting root privileges to a NFS share.

Fix

By default all NFS activity done from clients mapping a share as root superuser will downgrade root user permission specs by mapping this to nobody user (least privileges on share). However in certain conditions, it may be necessary to keep these superuser permissions enabled for operations over NFS shares.

Allowing root access to the project or share can be done for specific hosts, entire nominated domains, or particular network segments. This can be achieved by:

• From the BUI  "Shares" screen select the project or filesystem share for which root privileges should be preserved for NFS
• select the Protocols section for the above project or filesystem share
• Under NFS Exceptions add the new policy and define the corresponding fields. Choose the type to be host or netgroup, DNS domain or network segment. Enter the details for the chosen type in the "Entity" field, select the "Access mode" and "Charset", then make sure to check the "Root access" checkbox
• Apply the new settings

WARNING: Please be sure that allowing root access for a particular entity is really what you need to do.  Doing so obviously may compromise the security of the data held on the shares.  It is also possible to cause problems with permissions for other users of the share by injudicious changing of file access modes or ACLs by a client who has superuser privileges.

This solution has no attachment