vserver export-policy access-cache show-rules

Display information about the export policy rules in the access cache entry

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

The vserver export-policy access-cache show-rules command is used in conjunction with the vserver export-policy access-cache show command. The vserver export-policy access-cache show command displays the state and contents of an access cache entry on the specified node for a particular client IP address belonging to an export policy in a Vserver. The command lists the rule indexes of the export policy rules that matched. If you are interested in finding out the security settings for each policy rule that matched then you can use the vserver export-policy access-cache show-rules command. You can use the -instance switch to get a more detailed listing. Do note that the security settings of the rules cached in the access cache entry match the security settings of the rules that can be obtained by running the vserver export-policy rule show command with the corresponding rule index.

If the client IP address is not cached in access cache then the command will display an error message stating that the entry does not exist.

Parameters

{ [-fields <fieldname>, ...]
If you specify the -fields <fieldname>, ... parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.
| [-instance ]}
If you specify the -instance parameter, the command displays detailed information about all fields.
-node <nodename> - Node
This parameter specifies the node on which you want to examine the export policy rule details in the access cache entry.
-vserver <vserver name> - Vserver
This parameter specifies the name of the Vserver on which you want to see the policy rule details in the access cache entry.
-policy <export policy name> - Policy Name
This parameter specifies the name of the export policy that is in effect on the export path that the client is trying to access.
-address <IP Address> - IP Address
This parameter specifies the IP address of the client whose access cache entry you want to examine in greater detail.
[-ruleindex <integer>] - Entry Policy Rule Index
This optional parameter specifies the index number of the export rule of a specific policy.
[-protocol <Client Access Protocol>, ...] - Access Protocol
This optional parameter specifies the list access protocols of export rules.
[-rorule <authentication method>, ...] - RO Access Rule
This parameter specifies the security type for read-only access to volumes that use the export rule.
[-rwrule <authentication method>, ...] - RW Access Rule
This parameter specifies the security type for read-write access to volumes that use the export rule.
[-superuser <authentication method>, ...] - Superuser Security Types
This parameter specifies a security type for superuser access to files.
[-anon-uid <integer>] - Anonymous User ID
This parameter specifies an anonymous user ID that the user credentials are mapped to.
[-anon-gid <integer>] - Anonymous User Primary GID
This parameter specifies an anonymous User Primary GID.
[-anon-gid-list <integer>, ...] - Anonymous User GID List
This parameter specifies an anonymous User Primary GID list.
[-protocol-flags {allow-suid|allow-dev}, ...] - Protocol Flags
This parameter specifies protocol flags such as allow-suid and allow-dev.
[-ntfs-unix-security-ops {ignore|fail}] - NTFS Unix Security Options
This parameter specifies whether UNIX-type permissions changes on NTFS (Windows) volumes are prohibited (fail) or allowed (ignore).
[-chown-mode {restricted|unrestricted}] - Change Ownership Mode
This parameter specifies a change ownership mode.
[-clientmatch <text>] - Client Match String
This parameter specifies the client or clients to which the export rule applies.
[-anonuser <text>] - Anonymous Username or ID
This parameter specifies a UNIX user ID or user name that the user credentials are mapped to.

Examples

The following example shows the contents of the access cache entry for client IP address '1.2.3.4' in volume 'flex1' having export policy 'testpol' in a Vserver named 'vs1' on node 'vsim1'. This entry has two export policy rules with rule indexes 1 and 2 that matched and are cached in the entry. To examine what the rule settings are in each of these rules we can use the show-rules variant of the command.
cluster1::*>vserver export-policy access-cache show -vserver vs1 -node vsim1 -policy testpol -address 1.2.3.4

                               Node: vsim1
                            Vserver: vs1
                        Policy Name: testpol
                         IP Address: 1.2.3.4
           Access Cache Entry Flags: -
                        Result Code: 0
                  Failure Type Code: 0
     Number of Matched Policy Rules: 2
List of Matched Policy Rule Indexes: 1, 2
                       Age of Entry: 5s

cluster1::*>vserver export-policy access-cache show-rules -vserver vs1 -node vsim1 -policy testpol -address 1.2.3.4
                                     Rule  Access   RO    RW    Super Anon
Node       Address         Policy    Index Protocol Rule  Rule  User  User
---------- --------------- --------- ----- -------- ----  ----  ----- -----
vsim1      1.2.3.4         testpol   1     any      any   any   none  65534
vsim1      1.2.3.4         testpol   2     nfs3     never never sys   123
2 entries were displayed.

cluster1::*>vserver export-policy access-cache show-rules -vserver vs1 -node vsim1 -policy testpol -address 1.2.3.4 -instance

                   Vserver: vs1
                      Node: vsim1
               Policy Name: testpol
                IP Address: 1.2.3.4
          Export Policy ID: 12884901890
   Entry Policy Rule Index: 1
           Access Protocol: any
            RO Access Rule: any
            RW Access Rule: any
  Superuser Security Types: none
         Anonymous User ID: 65534
            Protocol Flags: allow-suid, allow-dev
NTFS Unix Security Options: fail
     Change Ownership Mode: restricted

                   Vserver: vs1
                      Node: vsim1
               Policy Name: testpol
                IP Address: 1.2.3.4
             Export Policy: testpol
          Export Policy ID: 12884901890
   Entry Policy Rule Index: 2
           Access Protocol: nfs3
            RO Access Rule: never
            RW Access Rule: never
  Superuser Security Types: sys
         Anonymous User ID: 123
            Protocol Flags: allow-suid
NTFS Unix Security Options: ignore
     Change Ownership Mode: restricted
2 entries were displayed.

cluster1::*> vserver export-policy rule show -vserver vs1 -policyname testpol -ruleindex 1
                                    Vserver: vs1
                                Policy Name: testpol
                                 Rule Index: 1
                            Access Protocol: any
Client Match Hostname, IP Address, Netgroup, or Domain: 0.0.0.0/0
                             RO Access Rule: any
                             RW Access Rule: any
User ID To Which Anonymous Users Are Mapped: 65534
                   Superuser Security Types: none
               Honor SetUID Bits in SETATTR: true
                  Allow Creation of Devices: true

cluster1::*> vserver export-policy rule show -vserver vs1 -policyname testpol -ruleindex 2
                                    Vserver: vs1
                                Policy Name: testpol
                                 Rule Index: 2
                            Access Protocol: nfs3
Client Match Hostname, IP Address, Netgroup, or Domain: 0.0.0.0/0
                             RO Access Rule: never
                             RW Access Rule: never
User ID To Which Anonymous Users Are Mapped: testu1
                   Superuser Security Types: sys
               Honor SetUID Bits in SETATTR: true
                  Allow Creation of Devices: false