AIX client forcing creation of files with an incorrect GID with anon export-policy

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 43

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: nas

Last Updated:

Applies to

ONTAP 9
NFSv3
Export-Policy
AIX Client

Issue

GID is incorrect when creating and listing files in an NFS export
The export-policy has a rule defined to force the client to connect with a specific UID

::*> export-policy rule show -vserver <vserver_name> -policyname <policy_name> -ruleindex 1



         Vserver: <vserver_name>

         Policy Name: <policy_name>

         Rule Index: 1

         Access Protocol: nfs

         List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 10.99.99.1,10.99.99.2,10.99.99.3

         RO Access Rule: none

         RW Access Rule: none

         User ID To Which Anonymous Users Are Mapped: 999

         Superuser Security Types: none

         Honor SetUID Bits in SETATTR: true

         Allow Creation of Devices: true

         NTFS Unix Security Options: fail

         Vserver NTFS Unix Security Options: use_export_policy

         Change Ownership Mode: restricted

         Vserver Change Ownership Mode: use_export_policy



::*> unix-user show -vserver <vserver_name> -user user1

        Vserver: <vserver_name>

        User Name: user1

        User ID: 999

        Primary Group ID: 900

If the export is mounted using NFSv4 and a file is created the with root user, the group assigned to the file the owner is correct :

root@machine1:/folder> touch testfile

root@machine1:/folder> ls -l

-rw-r--r--    1 user1  group1   0 testfile

If the export is mounted using NFSv3 and a file is created with the root user, the owner group assigned to the file is incorrect:

root@machine1:/folder1> touch testfile1 root@machine1:/folder1> ls -l -rw-r--r-- 1 user1 system 0 testfile1

With a *nix client there is no issue in either version of NFS