You can append the following qualifiers to IP addresses when specifying client access.
| Qualifier | Description | Applicable to |
|---|---|---|
| read_write, readwrite, rw | Grants read and write access. This is the default setting. | SMB shares and NFS exports |
| read_only, readonly, ro | Grants read-only access. | SMB shares and NFS exports |
| noaccess, no_access | Denies the specified clients access. | SMB shares, NFS exports, and iSCSI targets |
| root_squash, rootsquash | Maps user and group IDs of 0 to the anonymous user or group. This is the default setting. | NFS exports |
| no_root_squash, norootsquash | Turns off root squashing. | NFS exports |
| all_squash, allsquash | Maps all user IDs and group IDs to the anonymous user or group. | NFS exports |
| no_all_squash, noallsquash | Turns off all squashing. This is the default setting. | NFS exports |
| secure | Requires requests to originate from an IP port lower than 1024. Access to such ports is normally restricted to administrators of the client machine. To turn this off, use the insecure option. | NFS exports |
| insecure | Turns off the secure option. This is the default setting. | NFS exports |
| anon_uid, anonuid | Explicitly sets an anonymous user ID. | NFS exports |
| anon_gid, anongid | Explicitly sets an anonymous group ID. | NFS exports |
| (sec=<mode>) | Specifies the NFS security flavor, where <mode> is a colon delimited list of allowed security flavors (sys:krb5:krb5i:krb5p). | NFS exports |
The following qualifiers are examples:
- 10.1.2.38(ro)
Grants read-only access to the client with IP address 10.1.2.38.
- 10.1.2.0/24(ro)
Grants read-only access to all clients with an IP address in the range 10.1.2.0 to 10.1.2.255.
- yourcompanydept(ro)
Grants read-only access to all members of the NIS group.
- *.mycompany.com(ro,
anonuid=20)
Grants read-only access to all clients with a computer name that ends in .mycompany.com. All squashed requests are treated as if they originated from user ID 20.
- 10.1.*.* (readonly,
allsquash, anonuid=10, anongid=10)
Grants read-only access to all the matching clients with IP address beginning with 10.1. All requests are squashed to the anonymous user, which is explicitly set as user ID 10 and group ID 10.
- The order that the entries are specified is important.
*(ro)
10.1.2.38(rw)
The first grants read-only access to all clients, the second line grants read/write access to the specified client. These lines must be transposed to grant write access to 10.1.2.38.
- 10.1.1.*(sec=sys),10.1.2.*(sec=krb5:krb5i:krb5p),*(sec=krb5p)
- Clients in the 10.1.1.* subnet use sys authentication.
- Clients in the 10.1.2.* subnet to use krb5, krb5i, or krb5p.
- All other clients use krb5p.
Note: To improve system performance, specify client access IP address or IP address ranges before specifying host name or NIS netgroups.