Index  |  Top  -  Up Data ONTAP 8.3

vserver export-policy rule create

Create a rule

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

The vserver export-policy rule create command creates an export rule and adds it to a policy. To create an export rule, you must specify the following items: You can optionally specify the following items:

Parameters

-vserver <vserver name> - Vserver

This parameter specifies the Vserver on which the export policy is located.

-policyname <text> - Policy Name

This parameter specifies the name of the export policy to which you want to add the new export rule. The export policy must already exist. To create an export policy, see the vserver export-policy create command.

[-ruleindex <integer>] - Rule Index

This optional parameter specifies the index number of the export rule that you want to create. If you specify an index number that already matches a rule, the index number of the existing rule is incremented, as are the index numbers of all subsequent rules, either to the end of the list or to an open space in the list. If you do not specify an index number, the new rule is placed at the end of the policy's list.
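The renumbering described above can be modeled before a change is applied, so that scripts which refer to rules by index know which existing rules moved. This is an added example, not NetApp code; `insert_rule` and the policy dictionary are hypothetical, and treating "end of the list" as the highest existing index plus one is an assumption.

```python
def insert_rule(policy, rule, index=None):
    """Model the -ruleindex behaviour described above.

    policy maps ruleindex -> rule label. Returns (new_policy, moved),
    where moved maps old index -> new index for every renumbered rule.
    """
    new_policy = dict(policy)
    if index is None:
        # Assumption: "end of the list" is the highest index in use + 1.
        index = max(new_policy, default=0) + 1
    # Find the first open space at or after the requested index.
    gap = index
    while gap in new_policy:
        gap += 1
    # Shift the occupied run [index, gap) up by one, highest index first.
    moved = {}
    for i in range(gap, index, -1):
        new_policy[i] = new_policy.pop(i - 1)
        moved[i - 1] = i
    new_policy[index] = rule
    return dict(sorted(new_policy.items())), dict(sorted(moved.items()))


# Constructed sample policy with an open space at index 3.
SAMPLE_POLICY = {1: "rule-A", 2: "rule-B", 4: "rule-D"}

if __name__ == "__main__":
    policy, moved = insert_rule(SAMPLE_POLICY, "rule-NEW", index=1)
    print(policy)  # rule-D keeps index 4 because the shift stops at the gap
    print(moved)
```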

[-protocol <client access protocol>, ...] - Access Protocol

This optional parameter specifies the list of access protocols for which you want to apply the export rule. Possible values include the following: You can specify a comma-separated list of multiple access protocols for an export rule. If you specify the protocol as any, you cannot specify any other protocols in the list. If you do not specify this parameter, the value defaults to any.

-clientmatch <text> - Client Match Hostname, IP Address, Netgroup, or Domain

This parameter specifies the client or clients to which the export rule applies. You can specify the match in any of the following formats:
Note: Entering an IP address range, such as 10.1.12.10-10.1.12.70, is not allowed. Entries in this format are interpreted as a text string and treated as a hostname.

-rorule <authentication method>, ... - RO Access Rule

This parameter specifies the security type for read-only access to volumes that use the export rule. Possible values include the following: You can specify a comma-separated list of multiple security types for an export rule. If you specify the security type as any or never, you cannot specify any other security types.
Note:

-rwrule <authentication method>, ... - RW Access Rule

This parameter specifies the security type for read-write access to volumes that use the export rule. Possible values include the following: You can specify a comma-separated list of multiple security types for an export rule. If you specify the security type as any or never, you cannot specify any other security types.
Note:

[-anon <text>] - User ID To Which Anonymous Users Are Mapped

This parameter specifies a UNIX user ID or user name that the user credentials are mapped to when evaluation of the rorule or superuser parameters results in the user being mapped to the anonymous user. The default setting of this parameter is 65534, which is normally associated with the user name nobody. The following notes apply to the use of this parameter:

[-superuser <authentication method>, ...] - Superuser Security Types

This parameter specifies a security type for superuser access to files. The default setting of this parameter is none. Possible values include the following: You can specify a comma-separated list of multiple security types for superuser access. If you specify the security type as any, you cannot specify any other security types.
Note:

[-allow-suid {true|false}] - Honor SetUID Bits in SETATTR

This parameter specifies whether set user ID (suid) and set group ID (sgid) access is enabled by the export rule. The default setting is true.

[-allow-dev {true|false}] - Allow Creation of Devices

This parameter specifies whether the creation of devices is enabled by the export rule. The default setting is true.

[-ntfs-unix-security-ops {ignore|fail}] - NTFS Unix Security Options (privilege: advanced)

This parameter specifies whether UNIX-type permissions changes on NTFS (Windows) volumes are prohibited (fail) or allowed (ignore) when the request originates from an NFS client. The default setting is fail.

[-chown-mode {restricted|unrestricted}] - Change Ownership Mode (privilege: advanced)

This parameter specifies who is allowed to change the ownership mode of a file. The default setting is restricted. The allowed values are:

Examples

The following example creates an export rule with index number 1 in an export policy named read_only_expolicy on a Vserver named vs0. The rule matches all clients in the domain named example.com. The rule enables all access protocols. It enables read-only access by any matching client and requires authentication by AUTH_SYS, NTLM, or Kerberos 5 for read-write access. Clients with the UNIX user ID zero are mapped to user ID 65534 (which normally maps to the user name nobody). It does not enable suid and sgid access or the creation of devices.
vs1::> vserver export-policy rule create -vserver vs0 -policyname read_only_expolicy -ruleindex 1 
-protocol any -clientmatch .example.com -rorule any -rwrule "ntlm,krb5,sys" -anon 65534 -allow-suid false 
-allow-dev false
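
A pre-change check for a rule create command line, using only the constraints and defaults stated in the parameter descriptions above. This is an added example, not NetApp code: `parse_rule` and `lint_rule` are hypothetical helpers, the required-parameter list is taken from the parameters shown without brackets, and the second command is constructed.

```python
import re
import shlex

# Defaults stated in the parameter descriptions on this page.
DEFAULTS = {"protocol": "any", "anon": "65534", "superuser": "none",
            "allow-suid": "true", "allow-dev": "true"}
# Values the page says cannot be combined with other values in a list.
EXCLUSIVE = {"protocol": {"any"}, "rorule": {"any", "never"},
             "rwrule": {"any", "never"}, "superuser": {"any"}}
# Parameters the page shows without [ ] brackets.
REQUIRED = ("vserver", "policyname", "clientmatch", "rorule", "rwrule")
IP_RANGE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}-\d{1,3}(\.\d{1,3}){3}$")


def parse_rule(command):
    """Return {parameter: value} for a 'rule create' command line."""
    tokens = shlex.split(command)
    start = next((i for i, t in enumerate(tokens) if t.startswith("-")), len(tokens))
    args = tokens[start:]
    if len(args) % 2:
        raise ValueError("parameter without a value")
    return {k.lstrip("-"): v for k, v in zip(args[::2], args[1::2])}


def lint_rule(command):
    """Return (effective settings including defaults, list of findings)."""
    params = parse_rule(command)
    findings = [f"missing required -{p}" for p in REQUIRED if p not in params]
    effective = {**DEFAULTS, **params}
    for name, exclusive in EXCLUSIVE.items():
        values = [v.strip() for v in effective.get(name, "").split(",") if v.strip()]
        clash = exclusive.intersection(values)
        if clash and len(values) > 1:
            findings.append(f"-{name}: '{sorted(clash)[0]}' cannot be combined with other values")
    if IP_RANGE.match(params.get("clientmatch", "")):
        findings.append("-clientmatch: IP range is treated as a hostname string")
    for flag in ("allow-suid", "allow-dev"):
        if flag not in params:
            findings.append(f"-{flag} omitted: default 'true' applies")
    return effective, findings


# The example command from this page.
PAGE_EXAMPLE = ('vs1::> vserver export-policy rule create -vserver vs0 '
                '-policyname read_only_expolicy -ruleindex 1 -protocol any '
                '-clientmatch .example.com -rorule any -rwrule "ntlm,krb5,sys" '
                '-anon 65534 -allow-suid false -allow-dev false')
# Constructed command that breaks several of the stated constraints.
CONSTRUCTED_BAD = ('vserver export-policy rule create -vserver vs0 -policyname p1 '
                   '-protocol any,nfs -clientmatch 10.1.12.10-10.1.12.70 '
                   '-rorule any,sys -rwrule never')
```

Running `lint_rule` on the page's example returns no findings; the constructed command reports the two invalid lists, the IP range, and the two flags left at their default of true.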

See Also

vserver export-policy create  

Copyright © 1994-2015 NetApp, Inc. Legal Information