Notice
Exports were replaced by Views in VAST Cluster 3.0.1.
Use export policies to control client access to exports. Every export must be bound to an export policy.
From the menu (click
), select Configuration and then select the Export Policies tab.
Click
.
-
Complete the fields:
Field
Description
Name
The name of the policy.
Atime frequency
atime is a metadata attribute of NFS files that represents the last time the file was updated. atime is updated on read operations if the difference between the current time and the file's atime value is greater than the atime frequency in the export policy governing the file's export. Consider that a very low value might have a performance impact if high numbers of files are being read.
Enter the atime frequency as an integer followed by a unit of time (s = seconds, m= minutes, h=hours, d=days).
Example: 1h
Access Type
The type of access to allow hosts:
Read Write
Read Only
Squash
Specifies how the export responds to client side file and folder management operations, such as changing ownership or permissions.
Root Squash. The root user is converted to nobody when performing file and folder management operations. This option enables you to prevent the strongest super user from corrupting all user data on your VAST Cluster .
No Squash (default). All operations are supported. Use this option if you trust the root user not to perform operations that will corrupt data.
All Squash. All users are converted to nobody when performing file and folder management operations.
Netgroups
Notice
Netgroups are supported from VAST Cluster 2.0.6.
Note
Only Network Information Service (NIS) netgroups are supported.
Netgroups are an alternate way to specify which hosts are allowed to access those exports that are governed by the policy. This option is available only for organizations that use NIS for administrative purposes. It will work only if Configuring NIS and the Use Auth Provider option is enabled.
To specify netgroups, enter a series of netgroup keys as a comma separated list (no spaces) or enter each netgroup key, hit enter, and then enter the next.
Example: mynetgroup1,mynetgroup2,mynetgroup3
You can specify a combined total of 64 Allowed Hosts and Netgroups per export policy.
For a full explanation of the netgroup requirements, read Using NIS Netgroups to Authorize Hosts.
Allowed Hosts
These are hosts that you allow to access any exports that are bound to this export policy.
Specify a range or a subnet of IPs using CIDR notation to specify subnets. Separate values with commas.
Example: 192.0.2.0,198.51.100.0/30,198.51.100.4/31
You can specify a combined total of 64 Allowed Hosts and Netgroups per export policy.
Use Auth Provider
If enabled, a directory is used to check users' group memberships when authorizing file access. The directory can be an integrated Integrating with an LDAP Server server directory or Configuring NIS user map, or it can be Use Local User Directory to Obtain Users' Group Memberships. See Managing NFS File Access to learn more.
If disabled, file access permission is authorized by the GIDs specified in the client request itself.
Return open permissions
Sets the NFS server to unilaterally return open (777) permission for all files and directories when responding to client side access checks.
This setting works around a permissions issue that occurs with Windows clients. Windows clients perform NFSv3 access checks before executing read/write requests. This client side check uses the UID and the primary GID of the user without taking into account secondary GIDs. If the check fails, requests are not executed. This means that some permissions may not be honored as they should be, such as those based on secondary groups.
When Return open permissions is enabled, VAST Cluster returns open permissions for client side access checks, so that the Windows client allows access rights and executes read/write requests. VAST Cluster does a proper permission check when the request is executed.
Caution
Use this feature with caution if Windows client systems are shared by more than one user, since the following security breach could occur: While a user is accessing a file with correct permissions and the file is cached in memory on the Windows system, if another user tries to access the same file, access is incorrectly allowed. No proper access check is done for the second user.
-
Click Create.
The export policy is created.
-
On the Export Policies tab (
> Configuration > Export Policies), hover over the row of the the export policy you want modify, under the far right column, until the Edit button (
) appears, and then click the button.
Make your changes (see Creating an Export Policy)
Click Update to save your changes.
To manage export policies via the CLI, use the following commands.
Comments
0 comments
Please sign in to leave a comment.