vserver export-policy access-cache show-rules
Display information about the export policy rules in the access cache entry
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
The vserver export-policy access-cache show-rules command is used in conjunction with the vserver export-policy access-cache show command. The vserver export-policy access-cache show command displays the state and contents of an access cache entry on the specified node for a particular client IP address belonging to an export policy in a Vserver, and lists the rule indexes of the export policy rules that matched. To see the security settings of each policy rule that matched, use the vserver export-policy access-cache show-rules command. Use the -instance switch to get a more detailed listing. The security settings of the rules cached in the access cache entry match the security settings of the rules that can be obtained by running the vserver export-policy rule show command with the corresponding rule index.
If the client IP address is not cached in the access cache, the command displays an error message stating that the entry does not exist.
Parameters
{ [-fields <fieldname>,…]
If you specify the -fields <fieldname>, … parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.
| [-instance ] }
If you specify the -instance parameter, the command displays detailed information about all fields.
-node <nodename>
- Node-
This parameter specifies the node on which you want to examine the export policy rule details in the access cache entry.
-vserver <vserver name>
- Vserver-
This parameter specifies the name of the Vserver on which you want to see the policy rule details in the access cache entry.
-policy <export policy name>
- Policy Name-
This parameter specifies the name of the export policy that is in effect on the export path that the client is trying to access.
-address <IP Address>
- IP Address-
This parameter specifies the IP address of the client whose access cache entry you want to examine in greater detail.
[-ruleindex <integer>]
- Entry Policy Rule Index-
This optional parameter specifies the index number of the export rule of a specific policy.
[-protocol <Client Access Protocol>,…]
- Access Protocol-
This optional parameter specifies the list of access protocols of the export rules.
[-rorule <authentication method>,…]
- RO Access Rule-
This parameter specifies the security type for read-only access to volumes that use the export rule.
[-rwrule <authentication method>,…]
- RW Access Rule-
This parameter specifies the security type for read-write access to volumes that use the export rule.
[-superuser <authentication method>,…]
- Superuser Security Types-
This parameter specifies a security type for superuser access to files.
[-anon-uid <integer>]
- Anonymous User ID-
This parameter specifies an anonymous user ID that the user credentials are mapped to.
[-anon-gid <integer>]
- Anonymous User Primary GID-
This parameter specifies an anonymous User Primary GID.
[-anon-gid-list <integer>,…]
- Anonymous User GID List-
This parameter specifies an anonymous User Primary GID list.
[-protocol-flags {allow-suid|allow-dev}]
- Protocol Flags-
This parameter specifies protocol flags such as allow-suid and allow-dev.
[-ntfs-unix-security-ops {ignore|fail}]
- NTFS Unix Security Options-
This parameter specifies whether UNIX-type permissions changes on NTFS (Windows) volumes are prohibited (fail) or allowed (ignore).
[-chown-mode {restricted|unrestricted}]
- Change Ownership Mode-
This parameter specifies a change ownership mode.
[-clientmatch <text>]
- Client Match String-
This parameter specifies the client or clients to which the export rule applies.
[-anonuser <text>]
- Anonymous Username or ID-
This parameter specifies a UNIX user ID or user name that the user credentials are mapped to.
Examples
The following example shows the contents of the access cache entry for client IP address '1.2.3.4' in volume 'flex1' having export policy 'testpol' in a Vserver named 'vs1' on node 'vsim1'. This entry has two export policy rules with rule indexes 1 and 2 that matched and are cached in the entry. To examine what the rule settings are in each of these rules we can use the show-rules variant of the command.
cluster1::*>vserver export-policy access-cache show -vserver vs1 -node vsim1 -policy testpol -address 1.2.3.4

Node: vsim1
Vserver: vs1
Policy Name: testpol
IP Address: 1.2.3.4
Access Cache Entry Flags: -
Result Code: 0
Failure Type Code: 0
Number of Matched Policy Rules: 2
List of Matched Policy Rule Indexes: 1, 2
Age of Entry: 5s

cluster1::*>vserver export-policy access-cache show-rules -vserver vs1 -node vsim1 -policy testpol -address 1.2.3.4

                                     Rule  Access   RO   RW   Super Anon
Node       Address         Policy    Index Protocol Rule Rule User  User
---------- --------------- --------- ----- -------- ---- ---- ----- -----
vsim1      1.2.3.4         testpol   1     any      any  any  none  65534
vsim1      1.2.3.4         testpol   2     nfs3     never never sys   123
2 entries were displayed.

cluster1::*>vserver export-policy access-cache show-rules -vserver vs1 -node vsim1 -policy testpol -address 1.2.3.4 -instance

Vserver: vs1
Node: vsim1
Policy Name: testpol
IP Address: 1.2.3.4
Export Policy ID: 12884901890
Entry Policy Rule Index: 1
Access Protocol: any
RO Access Rule: any
RW Access Rule: any
Superuser Security Types: none
Anonymous User ID: 65534
Protocol Flags: allow-suid, allow-dev
NTFS Unix Security Options: fail
Change Ownership Mode: restricted

Vserver: vs1
Node: vsim1
Policy Name: testpol
IP Address: 1.2.3.4
Export Policy: testpol
Export Policy ID: 12884901890
Entry Policy Rule Index: 2
Access Protocol: nfs3
RO Access Rule: never
RW Access Rule: never
Superuser Security Types: sys
Anonymous User ID: 123
Protocol Flags: allow-suid
NTFS Unix Security Options: ignore
Change Ownership Mode: restricted
2 entries were displayed.

cluster1::*> vserver export-policy rule show -vserver vs1 -policyname testpol -ruleindex 1

Vserver: vs1
Policy Name: testpol
Rule Index: 1
Access Protocol: any
Client Match Hostname, IP Address, Netgroup, or Domain: 0.0.0.0/0
RO Access Rule: any
RW Access Rule: any
User ID To Which Anonymous Users Are Mapped: 65534
Superuser Security Types: none
Honor SetUID Bits in SETATTR: true
Allow Creation of Devices: true

cluster1::*> vserver export-policy rule show -vserver vs1 -policyname testpol -ruleindex 2

Vserver: vs1
Policy Name: testpol
Rule Index: 2
Access Protocol: nfs3
Client Match Hostname, IP Address, Netgroup, or Domain: 0.0.0.0/0
RO Access Rule: never
RW Access Rule: never
User ID To Which Anonymous Users Are Mapped: testu1
Superuser Security Types: sys
Honor SetUID Bits in SETATTR: true
Allow Creation of Devices: false
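Added example, not part of the NetApp documentation: Python that parses saved show-rules -instance output into one record per cached rule and lists the settings a reviewer would want to look at. The function names, the checks in review() and the abridged sample are assumptions made for this example; the field labels are the ones shown in the output above.

```python
# Constructed sample: abridged -instance output for the two cached rules shown above.
SAMPLE = """\
Vserver: vs1
Entry Policy Rule Index: 1
RW Access Rule: any
Superuser Security Types: none
Anonymous User ID: 65534
Protocol Flags: allow-suid, allow-dev
Vserver: vs1
Entry Policy Rule Index: 2
RW Access Rule: never
Superuser Security Types: sys
Anonymous User ID: 123
Protocol Flags: allow-suid
"""

def parse_rules(text):
    """Split show-rules -instance output into one dict per cached rule."""
    rules = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if sep and key == "Vserver":      # every record starts with its Vserver line
            rules.append({})
        if sep and rules:
            rules[-1][key] = value.strip()
    return rules

def as_list(rule, key):
    return [v.strip() for v in rule.get(key, "").split(",") if v.strip()]

def review(rule):
    """Heuristics chosen for this example: settings worth a second look."""
    notes = []
    if "any" in as_list(rule, "RW Access Rule"):
        notes.append("read-write allowed for any security type")
    kept = [s for s in as_list(rule, "Superuser Security Types") if s != "none"]
    if kept:
        notes.append("superuser access kept for: " + ", ".join(kept))
    if rule.get("Anonymous User ID") == "0":
        notes.append("anonymous users mapped to UID 0")
    flags = as_list(rule, "Protocol Flags")
    notes += ["protocol flag set: " + f for f in flags if f.startswith("allow-")]
    return notes

def audit(text):
    return {int(r["Entry Policy Rule Index"]): review(r) for r in parse_rules(text)}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The same parser accepts the full -instance listing, since lines without a "label: value" shape (prompts, "2 entries were displayed.") are skipped and extra fields are simply stored.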