What access control settings are
Contributors Download PDF of this page
To determine user access, SnapDrive for UNIX checks one of two permissions files in the root volume of the storage system. You must check the rules set in those file to evaluate access control.
sdhost-name.prbacfile is in the directory
/vol/vol0/sdprbac(SnapDrive permissions roles-based access control).
The file name is
host-nameis the name of the host to which the permissions apply. You can have a permissions file for each host attached to the storage system. You can use the
snapdrive config accesscommand to display information about the permissions available for a host on a specific storage system.
sdhost-name.prbacdoes not exist, then use the
sdgeneric.prbacfile to check the access permissions.
sdgeneric.prbacfile is also in the directory
The file name
sdgeneric.prbacis used as the default access settings for multiple hosts that do not have access to
sdhost-name.prbacfile on the storage system.
If you have both
sdgeneric.prbac files available in the
/vol/vol0/sdprbac path, then use the
sdhost-name.prbac to check the access permissions, as this overwrites the values provided for
If you do not have
sdgeneric.prbac files, then check the configuration variable
all-access-if-rbac-unspecified that is defined in the
Setting up access control from a given host to a given vFiler unit is a manual operation. The access from a given host is controlled by a file residing in the root volume of the affected vFiler unit. The file contains
/vol/<vfiler root volume>/sdprbac/sdhost-name.prbac, where the
host-name is the name of the affected host, as returned by gethostname(3). You should ensure that this file is readable, but not writable, from the host that can access it.
To determine the name of the host, run the
If the file is empty, unreadable, or has an invalid format, SnapDrive for UNIX does not grant the host access to any of the operations.
Setting up access control from a given host to a given Vserver unit is a manual operation. The access from a given host is controlled by a file residing in the root volume of the affected Vserver unit. This file has the name
/vol/<vserver root volume>/sdhost-name.prbac, where host-name is the name of the affected host, as returned by
gethostname(3). You should ensure that this file is readable, but not writable, from the host that can access it.
To mount the Vserver root volume on the host system and create
If the file is missing, SnapDrive for UNIX checks the configuration variable
all-access-if-rbac-unspecified in the
snapdrive.conf file. If the variable is set to
on (default value), it allows the hosts complete access to all these operations on that storage system. If the variable is set to
off, SnapDrive for UNIX denies the host permission to perform any operations governed by access control on that storage system.