Using NFS v4.x in-band security and have anonymous access to ONTAP mount
Applies to
- ONTAP 9
- NFS 4.1
- NFS 4.2
Issue
- When running the NFSv4.1 client command ls -l (or ll), the user and group show up erroneously as 99, as shown below:
centos01$ ls -al mydir/
total 8
drwxr-xr-x. 2 99 99 4096 Jul 22 07:33 .
drwxrwxrwx. 4 99 99 4096 Jul 22 07:33 ..
-rw-r--r--. 1 99 99 0 Jul 22 07:33 foo
- The root volume export has Superuser Security Types set to none:
::> export-policy rule show -vserver SVM -inst
Vserver: SVM
Policy Name: default
Rule Index: 1
Access Protocol: nfs
List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 0.0.0.0/0
RO Access Rule: any
RW Access Rule: any
User ID To Which Anonymous Users Are Mapped: 65534
Superuser Security Types: none
Honor SetUID Bits in SETATTR: true
Allow Creation of Devices: true
- NFS permissions cannot be changed using chmod by any user, as the file is owned by anonymous.
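
The following is an added example, not part of the original article and not NetApp tooling: a Python check that parses saved export-policy rule show -inst output and lists the rules whose Superuser Security Types is none, the setting shown on the root volume export above, where root is mapped to the anonymous user ID. Rule 1 in the sample is the rule from the article; rule 2 and the policy name data_example are constructed for contrast.

```python
# Saved CLI output. Rule 1 is the rule shown in the article; rule 2 is a
# constructed, abbreviated contrast case (hypothetical policy "data_example").
SAMPLE = """\
::> export-policy rule show -vserver SVM -inst
Vserver: SVM
Policy Name: default
Rule Index: 1
Access Protocol: nfs
List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 0.0.0.0/0
RO Access Rule: any
RW Access Rule: any
User ID To Which Anonymous Users Are Mapped: 65534
Superuser Security Types: none

Vserver: SVM
Policy Name: data_example
Rule Index: 1
User ID To Which Anonymous Users Are Mapped: 65534
Superuser Security Types: sys
"""

def parse_rules(text):
    """Return one dict per rule; each 'Vserver:' line starts a new record."""
    rules = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if not sep:
            continue  # prompt line, blank line, or field with no value
        if key == "Vserver":
            rules.append({})
        if rules:
            rules[-1][key] = value.strip()
    return rules

def superuser_none(rules):
    """List (vserver, policy, index, anon_uid) for rules with superuser 'none'."""
    hits = []
    for r in rules:
        if r.get("Superuser Security Types", "").strip().lower() == "none":
            hits.append((r["Vserver"], r["Policy Name"], int(r["Rule Index"]),
                         r.get("User ID To Which Anonymous Users Are Mapped")))
    return hits

if __name__ == "__main__":
    for vs, pol, idx, anon in superuser_none(parse_rules(SAMPLE)):
        print(f"{vs}/{pol} rule {idx}: superuser=none, anon UID {anon}")
```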