
Options that help maintain security

Several options are available to help you maintain storage system security.

The following table shows the options that help maintain security:

| Option | Description |
| --- | --- |
| trusted.hosts | Specifies up to five hosts that are allowed Telnet, RSH and administrative HTTP access to the storage system for administrative purposes. The default is set to an asterisk (*), which allows access to all storage systems. This value is ignored for Telnet access if the telnet.access option is set. It is also ignored for administrative HTTP access if the httpd.admin.access option is set. |
| telnet.access | Controls which hosts can access the storage system through a Telnet session for administrative purposes. You can restrict Telnet access to the storage system by specifying host names, IP addresses, or network interface names. If this value is set, the trusted.hosts option is ignored for Telnet. |
| telnet.distinct.enable | Controls whether the Telnet and the SSH environments are shared with or separate from the console environment. When the option is set to off, a Telnet or an SSH session is shared with a console session. A Telnet or an SSH user and a console user can view each other's inputs or outputs, and they acquire the privileges of the last Telnet, SSH, or console user who logged in. You can keep the Telnet and the SSH environments separate from the console environment by ensuring that the option is set to on. If the setting for this option is changed during a Telnet or an SSH session, the change does not go into effect until the next Telnet or SSH login. |
| rsh.access | Controls which hosts can access the storage system through a Remote Shell session for administrative purposes. You can restrict Remote Shell access to the storage system by specifying host names, IP addresses, or network interface names. |
| ssh.access | Controls which hosts can access the storage system through a Secure Shell session for administrative purposes. You can restrict Secure Shell access to the storage system by specifying host names, IP addresses, or network interface names. |
| nfs.mount_rootonly | Controls whether the storage system’s volumes can be mounted from NFS clients only by the root user on privileged ports (ports 1 through 1,023) or by all users on all ports. This option is applicable only if the NFS protocol is licensed. |
| wafl.root_only_chown | Controls whether all users or only the root user can change directory and file ownership. This option is applicable only if the NFS protocol is licensed. |
| cifs.restrict_anonymous | Controls whether anonymous CIFS users can look up CIFS shares, users, or groups on a storage system. This option is applicable only if the CIFS protocol is licensed. |

For more information about the options in this table, see the na_options(1) and the na_protocolaccess(8) man pages.
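
The precedence between trusted.hosts and the per-protocol access options can be checked mechanically against a saved options listing. The following is an added example, not NetApp code: it assumes the listing has one whitespace-separated name and value per line, treats an empty value or `legacy` as "not set", and uses constructed sample values (including the `host=10.0.0.5` entry).

```python
# Added example: audit of a constructed options listing, not NetApp code.
# Assumed listing format: one "name value" pair per line.
SAMPLE_OPTIONS = """\
trusted.hosts            *
telnet.access            legacy
httpd.admin.access       host=10.0.0.5
telnet.distinct.enable   off
"""

# Assumption: an override that is not set shows as empty or "legacy".
UNSET = {"", "legacy"}
# Protocol -> option that, when set, makes trusted.hosts ignored for it.
OVERRIDES = {"telnet": "telnet.access", "admin-http": "httpd.admin.access"}


def parse_options(text):
    """Return {option: value} from whitespace-separated name/value lines."""
    opts = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if parts:
            opts[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return opts


def effective_source(opts, protocol):
    """Return the (option, value) pair that actually governs the protocol."""
    override = OVERRIDES[protocol]
    value = opts.get(override, "")
    if value not in UNSET:
        return override, value  # trusted.hosts is ignored for this protocol
    return "trusted.hosts", opts.get("trusted.hosts", "*")  # default is *


def audit(opts):
    """List findings for the settings described in the table."""
    findings = []
    for protocol in OVERRIDES:
        option, value = effective_source(opts, protocol)
        if value == "*":
            findings.append(f"{protocol}: governed by {option}=* (allow-all)")
    if opts.get("telnet.distinct.enable", "").lower() == "off":
        findings.append("telnet.distinct.enable=off: Telnet and SSH "
                        "sessions share the console session")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_options(SAMPLE_OPTIONS)):
        print(finding)
```

With the sample listing, Telnet falls back to the allow-all trusted.hosts default while administrative HTTP is governed by its own option, so only Telnet and the shared-console setting are reported.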