Why doesn't the export policy restrict client access?
Applies to
ONTAP 9
Issue
The configuration is as follows.
TEST-01::*> cifs share show -vserver test-fs02 -instance
Vserver: test-fs02
Share: test
CIFS Server NetBIOS Name: TEST-FS02
Path: /test
Share Properties: oplocks
                  browsable
                  changenotify
                  show-previous-versions
Symlink Properties: symlinks
File Mode Creation Mask: -
Directory Mode Creation Mask: -
Share Comment: -
Share ACL: Everyone / Full Control
File Attribute Cache Lifetime: -
Volume Name: test
Offline Files: manual
Vscan File-Operations Profile: standard
Maximum Tree Connections on Share: 4294967295
UNIX Group for File Create: -
Vserver: test-fs02
Share: qtree01
CIFS Server NetBIOS Name: TEST-FS02
Path: /test/qtree01
Share Properties: oplocks
                  browsable
                  changenotify
                  show-previous-versions
Symlink Properties: symlinks
File Mode Creation Mask: -
Directory Mode Creation Mask: -
Share Comment: -
Share ACL: Everyone / Full Control
File Attribute Cache Lifetime: -
Volume Name: test
Offline Files: manual
Vscan File-Operations Profile: standard
Maximum Tree Connections on Share: 4294967295
UNIX Group for File Create: -
TEST-01::*> qtree show -vserver test-fs02 -volume test -instance
Vserver Name: test-fs02
Volume Name: test
Qtree Name: ""
Actual (Non-Junction) Qtree Path: /vol/test
Security Style: ntfs
Oplock Mode: enable
Unix Permissions: -
Qtree Id: 0
Qtree Status: normal
Export Policy: default
Is Export Policy Inherited: true
Vserver Name: test-fs02
Volume Name: test
Qtree Name: qtree01
Actual (Non-Junction) Qtree Path: /vol/test/qtree01
Security Style: ntfs
Oplock Mode: enable
Unix Permissions: -
Qtree Id: 1
Qtree Status: normal
Export Policy: testpolicy
Is Export Policy Inherited: false
TEST-01::*> export-policy rule show -instance
Vserver: test-fs02
Policy Name: default
Rule Index: 1
Access Protocol: cifs
List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 0.0.0.0/0
RO Access Rule: any
RW Access Rule: any
User ID To Which Anonymous Users Are Mapped: 65534
Superuser Security Types: any
Honor SetUID Bits in SETATTR: true
Allow Creation of Devices: true
NTFS Unix Security Options: fail
Vserver NTFS Unix Security Options: use_export_policy
Change Ownership Mode: restricted
Vserver Change Ownership Mode: use_export_policy
Vserver: test-fs02
Policy Name: testpolicy
Rule Index: 1
Access Protocol: cifs
List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 192.168.1.0/24
RO Access Rule: any
RW Access Rule: any
User ID To Which Anonymous Users Are Mapped: 65534
Superuser Security Types: none
Honor SetUID Bits in SETATTR: true
Allow Creation of Devices: true
NTFS Unix Security Options: fail
Vserver NTFS Unix Security Options: use_export_policy
Change Ownership Mode: restricted
Vserver Change Ownership Mode: use_export_policy
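After connecting the Windows client (192.168.2.1) to the CIFS share "\\test-fs02\test", we can see the folder "qtree01" under the folder "test".
Now, even though the client IP address is not in the same subnet as 192.168.1.x, the folder "qtree01" can be opened.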
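
To confirm the premise of the question, the following added example (not from the original article or from NetApp) parses the rule listing shown above and reports which policies have a client-match entry covering a given client address. It evaluates only IP and CIDR entries, and the function names are hypothetical.

```python
import ipaddress

# Rule output copied from the `export-policy rule show -instance` listing above,
# reduced to the fields this check reads.
RULES_TEXT = """\
Vserver: test-fs02
Policy Name: default
Rule Index: 1
Access Protocol: cifs
List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 0.0.0.0/0
Vserver: test-fs02
Policy Name: testpolicy
Rule Index: 1
Access Protocol: cifs
List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 192.168.1.0/24
"""

CLIENT_FIELD = "List of Client Match Hostnames, IP Addresses, Netgroups, or Domains"

def parse_rules(text):
    """Split the listing into one dict per rule; a 'Vserver' line starts a new rule."""
    rules = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "Vserver":
            rules.append({})
        if sep and rules:
            rules[-1][key.strip()] = value.strip()
    return rules

def policies_matching(client_ip, rules, protocol="cifs"):
    """Return names of policies with a rule for `protocol` whose client match covers client_ip."""
    ip = ipaddress.ip_address(client_ip)
    matched = []
    for rule in rules:
        protos = {p.strip() for p in rule.get("Access Protocol", "").split(",")}
        if protocol not in protos and "any" not in protos:
            continue
        for entry in rule.get(CLIENT_FIELD, "").split(","):
            try:
                net = ipaddress.ip_network(entry.strip(), strict=False)
            except ValueError:
                continue  # hostname, netgroup or domain entry: not evaluated in this sketch
            if ip in net and rule["Policy Name"] not in matched:
                matched.append(rule["Policy Name"])
    return matched
```

For the client in the article, `policies_matching("192.168.2.1", parse_rules(RULES_TEXT))` returns only `default`, because the address falls outside testpolicy's 192.168.1.0/24.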