Table of ContentsView in Frames

What access control settings are

To determine the access control permissions, SnapDrive for UNIX checks for a permissions file in the root volume of the storage system.

The following are the rules defined for determining the access control permissions in SnapDrive for UNIX.

Note: If you have both sdhost-name.prbac and sdgeneric.prbac available in /vol/vol0/sdprbac, then use the sdhost-name.prbac to check the access permissions, as this overwrites the values provided for sdgeneric.prbac.

Setting up access control from a given host to a given vFiler unit is a manual operation. The access from a given host is controlled by a file residing in the root volume of the affected vFiler unit. The file contains the name as /vol/<vfiler root volume>/sdprbac/sdhost-name.prbac, where host-name is the name of the affected host, as returned by gethostname(3). You should ensure that this file is readable, but not writable, from the host that can access it.

Note: To determine the name of the host, run the hostname command.

If the file is empty, unreadable, or has an invalid format, SnapDrive for UNIX does not grant the host access permission to any of the operations.

Setting up access control from a given host to a given Vserver unit is a manual operation. The access from a given host is controlled by a file residing in the root volume of the affected Vserver unit. This file has the name /vol/<vserver root volume>/sdhost-name.prbac, where host-name is the name of the affected host, as returned by gethostname(3). You should ensure that this file is readable, but not writable, from the host that can access it.

Note: To mount the Vserver root volume on the host system and create *.prbac file(s), execute the following command mount <vservername>:/ <mntpoint>

If the file is missing, SnapDrive for UNIX checks the configuration variable all-access-if-rbac-unspecified in the snapdrive.conf file. If the variable is set to on (the default), it allows the hosts complete access to all these operations on that storage system. If the variables set to off, SnapDrive for UNIX denies the host permission to perform any operations governed by access control on that storage system.