Managing Export Policies

Name

The name of the policy.

Atime frequency

atime is a metadata attribute of NFS files that represents the last time the file was updated. atime is updated on read operations if the difference between the current time and the file's atime value is greater than the atime frequency in the export policy governing the file's export. Consider that a very low value might have a performance impact if high numbers of files are being read.

Enter the atime frequency as an integer followed by a unit of time (s = seconds, m= minutes, h=hours, d=days).

Example: 1h

Access Type

The type of access to allow hosts:

Squash

Specifies how the export responds to client side file and folder management operations, such as changing ownership or permissions.

Netgroups

Netgroups are an alternate way to specify which hosts are allowed to access those exports that are governed by the policy. This option is available only for organizations that use NIS for administrative purposes. It will work only if Configuring NIS and the Use Auth Provider option is enabled.

To specify netgroups, enter a series of netgroup keys as a comma separated list (no spaces) or enter each netgroup key, hit enter, and then enter the next.

Example: mynetgroup1,mynetgroup2,mynetgroup3

You can specify a combined total of 64 Allowed Hosts and Netgroups per export policy.

For a full explanation of the netgroup requirements, read Using NIS Netgroups to Authorize Hosts.

Allowed Hosts

These are hosts that you allow to access any exports that are bound to this export policy.

Specify a range or a subnet of IPs using CIDR notation to specify subnets. Separate values with commas.

Example: 192.0.2.0,198.51.100.0/30,198.51.100.4/31

You can specify a combined total of 64 Allowed Hosts and Netgroups per export policy.

Use Auth Provider

If enabled, a directory is used to check users' group memberships when authorizing file access. The directory can be an integrated Integrating with an LDAP Server server directory or Configuring NIS user map, or it can be Use Local User Directory to Obtain Users' Group Memberships. See Managing NFS File Access to learn more.

If disabled, file access permission is authorized by the GIDs specified in the client request itself.

Return open permissions

Sets the NFS server to unilaterally return open (777) permission for all files and directories when responding to client side access checks.

This setting works around a permissions issue that occurs with Windows clients. Windows clients perform NFSv3 access checks before executing read/write requests. This client side check uses the UID and the primary GID of the user without taking into account secondary GIDs. If the check fails, requests are not executed. This means that some permissions may not be honored as they should be, such as those based on secondary groups.

When Return open permissions is enabled, VAST Cluster returns open permissions for client side access checks, so that the Windows client allows access rights and executes read/write requests. VAST Cluster does a proper permission check when the request is executed.