IP address export qualifiers

File Service Administration Guide for Hitachi NAS Platform

Version
14.9.x
Audience
anonymous
Part Number
MK-92HNAS006-31
The following table describes qualifiers that can be appended to IP addresses when specifying client access to an NFS export:
Qualifier Description
read_write, readwrite, rw Grants read/write access. This is the default setting.
read_only, readonly, ro Grants read-only access.
root_squash, rootsquash Maps user and group IDs of 0 (zero) to the anonymous user or group. This is the default setting.
no_root_squash, norootsquash Turns off root squashing.
all_squash, allsquash Maps all user IDs and group IDs to the anonymous user or group.
no_all_squash, noallsquash Turns off all squashing. This is the default setting.
secure Requires requests to originate from an IP port less than 1024. Access to such ports is normally restricted to administrators of the client machine. To turn it off, use the insecure option.
insecure Turns off the secure option. This is the default setting.
anon_uid, anonuid Explicitly sets an anonymous user ID.
anon_gid, anongid Explicitly sets an anonymous group ID.
noaccess, no_access Denies the specified clients access to the export.
(sec=<mode>) Allows you to specify the flavor of NFS security, where <mode> is a colon delimited list of allowed security flavors (sys:krb5:krb5i:krb5p).
Here are some examples:
  • 10.1.2.38(ro)

    Grants read-only access to the client whose IP address is 10.1.2.38.

  • 10.1.2.0/24(ro)

    Grants read-only access to all clients whose IP address is within the range 10.1.2.0 to 10.1.2.255.

  • yourcompanydept(ro)

    Grants read-only access to all members of the NIS group yourcompanydept.

  • *.mycompany.com(ro, anonuid=20)

    Grants read-only access to all clients whose computer name ends.mycompany.com. All squashed requests are to be treated as if they originated from user ID 20.

  • 10.1.*.* (readonly, allsquash, anonuid=10, anongid=10)

    Grants read-only access to all the matching clients. All requests are squashed to the anonymous user, which is explicitly set as user ID 10 and group ID 10.

  • The order in which the entries are specified is important. Take the following two lines:

    *(ro)

    10.1.2.38(rw)

    The first grants read-only access to all clients, whereas the second grants read/write access to the specified client. The second line is redundant, however, as the first line matches all clients. These lines must be transposed to grant write access to 10.1.2.38.

  • 10.1.1.*(sec=sys),10.1.2.*(sec=krb5:krb5i:krb5p),*(sec=krb5p)
    • Clients in the 10.1.1.* subnet use sys authentication.
    • Clients in the 10.1.2.* subnet to use krb5, krb5i, or krb5p.
    • All other clients use krb5p.
    Note: To improve performance, when specifying clients that can access an export, it is recommended that you specify IP addresses or IP address ranges, including those that include wildcards, before specifying host names or NIS netgroups.