| Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback |
| Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition | ||
|
|
||
 |
||||||||||||||||
Solution Type Problem Resolution Sure Solution 2137942.1 : Oracle ZFS Storage Appliance: Why can clients mount /export and see shares they do not have permission to access?
In this Document
Created from <SR 3-12551935571> Applies to:Oracle ZFS Storage ZS3-2 - Version All Versions to All Versions [Release All Releases]Oracle ZFS Storage ZS3-4 - Version All Versions to All Versions [Release All Releases] Oracle ZFS Storage ZS4-4 - Version All Versions to All Versions [Release All Releases] Oracle ZFS Storage ZS3-BA - Version All Versions to All Versions [Release All Releases] Sun Storage 7110 Unified Storage System - Version All Versions to All Versions [Release All Releases] 7000 Appliance OS (Fishworks) SymptomsA client is allowed to mount /export and view all shares presented by the appliance, even those to which it does not have access.
CauseIn the ZFS Storage Appliance Management interface under the NFS service there is a setting for "Mount visibility".
In the Browser User Interface (BUI) this is under Configuration > Services > NFS
This setting can be seen in the Command Line Interface (CLI) using: zfssa:> configuration services nfs get mount_visibility
mount_visibility = full
SolutionThe Mount visibility property lets you limit the availability of information about share access lists and remote mounts from NFS clients. Setting this to "Restricted" restricts access such that a client can see only the shares which it is allowed to access. Setting this to "Full" allows all clients to see shares regardless of their access permissions. Oracle ZFS Storage Appliance Administration Guide, NFS Properties
Before changing this parameter make sure you are aware of any possible impacts this will have on your environment.
Attachments This solution has no attachment |
||||||||||||||||
|
||||||||||||||||