What are The Best Practices for restricting NFS share permissions?
Our storage supports NFSv3, NFSv4, NFSv4.1, LDAP Domain Settings and NIS Domain Settings.
NFS Shares supports “Network group” (network group name configured in the LDAP or NIS domain)
What are the Recommended options on...
Permission Constraint:
- all_squash: The user ID (UID) and group ID (GID) of a shared directory are mapped to user nobody,
- no_all_squash: The UID and GID of a shared directory are reserved
root Permission Constraint:
- root_squash: The client cannot access the storage system as user root. If a client accesses the storage system as user root, the client will be mapped as user nobody.
- no_root_squash: allows a client to access the file system as user root that has full control and access permissions for shared directories. If a share is used to create a VM, no_root_squash is recommended.
Source Port Verification:
- secure: If secure is selected, clients can use ports 1 to 1023 to access NFS shares.
- insecure: If insecure is selected, clients can use any port to access NFS shares.
Anonymous User ID (Set the UID and GID of the user accessing the shared directory who is mapped as an anonymous user)
CommServe runs Windows 2016.
Media Agent Servers runs Linux OS.
CommVault FR 11.24.12