Table of ContentsView in Frames

Examples of export policies in Cluster-Mode

You can review example export policies to better understand how export policies work in Cluster-Mode.

Sample 7-Mode export policy

The following is an example of a 7-Mode export as it appears in the /etc/export file:

/vol/vol1 -sec=sys,ro=@readonly_netgroup,rw=@readwrite_netgroup1:
@readwrite_netgroup2:@rootaccess_netgroup,root=@rootaccess_netgroup
To reproduce this export as a Cluster-Mode export policy, you have to create an export policy with four export rules, and then apply the export policy to the volume vol1.
Rule Element Value
Rule 1 Client Specification @readonly_netgroup1
Rule Index (or position of export rule in the list of rules) 1
Access Protocols NFS
Allow Read Only access Selected, with UNIX selected for the authentication method
Rule 2 Client Specification @rootaccess_netgroup
Rule Index 2
Access Protocols NFS
Allow Superuser access Selected, with UNIX selected for the authentication method
Rule 3 Client Specification @readwrite_netgroup1
Rule Index 3
Access Protocols NFS
Allow Read Write access Selected, with UNIX selected for the authentication method
Rule 4 Client Specification @readwrite_netgroup2
Rule Index 4
Access Protocols NFS
Allow Read Write access Selected, with UNIX selected for the authentication method

Export policy that implements fencing

The following example shows how to provide read/write access to some clients and read-only access to others.

This export policy requires two rules:

Rule Element Value
Rule 1 Client Specification host1
Rule Index (or position of export rule in the list of rules) 1
Access Protocols NFSv3
Allow Read-Write access Selected, with Any selected for the authentication method.
Rule 2 Client Specification .example.com
Rule Index 2
Access Protocols NFSv3
Allow Read Only access Selected, with Any selected for the authentication method

Export policy where the rule index value is important

This example shows how to define a set of restrictions that permit the following access to a volume:

Implementing these restrictions requires the creation of an export policy that contains two rules:

Rule Element Value
Rule 1 Client Specification @netgroup_1
Rule Index (or position of export rule in the list of rules) 1
Access Protocols NFSv3
Allow Read Only access Selected, with UNIX selected
Allow Superuser access Selected, with UNIX selected
Rule 2 Client Specification 0.0.0.0/0
Rule Index 2
Access Protocols NFSv3
Allow Read-Write access Any
Note: The order of the rules is important because rules in an export policy are processed in numerical order, and processing stops after a rule is satisfied for a client. Therefore, if you swapped the two rules such that Rule 2 had a rule index value of 1, then clients in netgroup_1 will have read/write access to the volume.

Also, this export policy enables superuser access only for users of clients in netgroup_1. Users with root access to clients that are not in netgroup_1 are mapped to the UNIX user ID=65534, or "Nobody."