Table of ContentsView in Frames

What access control settings are

To determine the access control permissions, SnapDrive for UNIX checks for a permissions file in the root volume of the storage system.

The following are the rules defined for determining the access control permissions in SnapDrive for UNIX.

Note: If you have both sdhost-name.prbac and sdgeneric.prbac available in /vol/vol0/sdprbac, then use the sdhost-name.prbac to check the access permissions, as this overwrites the values provided for sdgeneric.prbac.

Setting up access control from a given host to a given vFiler unit is a manual operation. The access from a given host is controlled by a file residing in the root volume of the affected vFiler unit. The file contains the name as /vol/<vfiler root volume>/sdprbac/sdhost-name.prbac, where host-name is the name of the affected host, as returned by gethostname(3). You should ensure that this file is readable, but not writable, from the host that can access it.

Note: To determine the name of the host, run the hostname command.

If the file is empty, unreadable, or has an invalid format, SnapDrive for UNIX does not grant the host access permission to any of the operations.

If the file is missing, SnapDrive for UNIX checks the configuration variable all-access-if-rbac-unspecified in the snapdrive.conf file. If the variable is set to on (the default), it allows the hosts complete access to all these operations on that storage system. If the variables set to off, SnapDrive for UNIX denies the host permission to perform any operations governed by access control on that storage system.