NetApp Commandline Cheatsheet (part5)

NetApp Commandline Cheatsheet

File Access using NFS

 

Export Options
actual=<path> Specifies the actual file system path corresponding to the exported file system path.
anon=<uid>|<name> Specifies the effective user ID (or name) of all anonymous or root NFS client users that access the file system path.
nosuid Disables setuid and setgid executables and mknod commands on the file system path.
ro | ro=clientid Specifies which NFS clients have read-only access to the file system path.
rw | rw=clientid Specifies which NFS clients have read-write access to the file system path.
root=clientid Specifies which NFS clients have root access to the file system path. If you specify the root= option, you must specify at least one NFS client identifier. To exclude NFS clients from the list, prepend the NFS client identifiers with a minus sign (-).
sec=sectype Specifies the security types that an NFS client must support to access the file system path. To apply the security types to all types of access, specify the sec= option once. To apply the security types to specific types of access (anonymous, non-super user, read-only, read-write, or root), specify the sec= option at least twice, once before each access type to which it applies (anon, nosuid, ro, rw, or root, respectively).

The security type can be one of the following:

none No security. Data ONTAP treats all of the NFS client's users as anonymous users.
sys Standard UNIX (AUTH_SYS) authentication. Data ONTAP checks the NFS credentials of all of the NFS client's users, applying the file access permissions specified for those users in the NFS server's /etc/passwd file. This is the default security type.
krb5 Kerberos(tm) Version 5 authentication. Data ONTAP uses data encryption standard (DES) key encryption to authenticate the NFS client's users.
krb5i Kerberos(tm) Version 5 integrity. In addition to authenticating the NFS client's users, Data ONTAP uses message authentication codes (MACs) to verify the integrity of the NFS client's remote procedure requests and responses, thus preventing "man-in-the-middle" tampering.
krb5p Kerberos(tm) Version 5 privacy. In addition to authenticating the NFS client's users and verifying data integrity, Data ONTAP encrypts NFS arguments and results to provide privacy.

Examples

rw=10.45.67.0/24
ro,root=@trusted,rw=@friendly
rw,root=192.168.0.80,nosuid
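
An added example (not part of the original cheatsheet and not NetApp code): a small Python audit that parses export lines in the "path -options" form and flags the option combinations that the table above describes as loosening access control. The sample lines are constructed from option strings on this page; the function names and the colon-separated sec= list are assumptions of this sketch.

```python
# Added example: audit '<path> -<options>' export lines (Data ONTAP 7-mode style).
SAMPLE = [  # constructed lines, built from option strings shown on this page
    "/vol/vol0 -rw=pig:horse:cat:dog,ro=duck,anon=0",
    "/vol/nfs1 -sec=none,rw,root=192.168.0.80,nosuid",
    "/vol/nfs2 -sec=krb5i,rw=10.45.67.0/24,nosuid",
]
KERBEROS = {"krb5", "krb5i", "krb5p"}

def parse_options(opts):
    """Split '-rw=a:b,ro=c,anon=0' into an ordered list of (name, [values])."""
    parsed = []
    for item in opts.lstrip("-").split(","):
        name, _, value = item.strip().partition("=")
        if name:
            parsed.append((name, value.split(":") if value else []))
    return parsed

def audit_export(line):
    """Return (path, findings) for one export line."""
    path, _, opts = line.strip().partition(" ")
    findings, seen = [], set()
    sec = ["sys"]  # sys is the default security type
    for name, values in parse_options(opts):
        seen.add(name)
        if name == "sec":
            sec = values  # applies to the access types that follow it
            if "none" in values:
                findings.append("sec=none: every client user is treated as anonymous")
        elif name == "anon" and values in (["0"], ["root"]):
            findings.append("anon=%s: anonymous and root client users act as root" % values[0])
        elif name == "rw" and not values:
            findings.append("rw without a client list: read-write for all clients")
        elif name == "root":
            allowed = [v for v in values if not v.startswith("-")]  # '-' excludes a client
            if allowed and not set(sec) & KERBEROS:
                findings.append("root=%s granted under sec=%s (no Kerberos)"
                                % (":".join(allowed), ":".join(sec)))
    if "nosuid" not in seen:
        findings.append("nosuid missing: setuid/setgid executables and mknod allowed")
    return path, findings

if __name__ == "__main__":
    for entry in SAMPLE:
        path, findings = audit_export(entry)
        print(path, "OK" if not findings else "")
        for f in findings:
            print("   -", f)
```

Feed it the lines returned by rdfile /etc/exports to review a filer's persistent exports.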

Export Commands

Displaying

exportfs
exportfs -q <path>

create

# create export in memory and write to /etc/exports (use default options)
exportfs -p /vol/nfs1

# create export in memory and write to /etc/exports (use specific options)
exportfs -p sec=none,rw,root=192.168.0.80,nosuid /vol/nfs1

# create export in memory only using own specific options
exportfs -io sec=none,rw,root=192.168.0.80,nosuid /vol/nfs1

remove

# Memory only
exportfs -u <path>

# Memory and /etc/exports
exportfs -z <path>

export all

exportfs -a

check access

exportfs -c 192.168.0.80 /vol/nfs1

flush

exportfs -f
exportfs -f <path>

reload

exportfs -r

storage path

exportfs -s <path>

Write export to a file

exportfs -w <path/export_file>

fencing

# Suppose /vol/vol0 is exported with the following export options:
  
   -rw=pig:horse:cat:dog,ro=duck,anon=0

# The following command enables fencing of cat from /vol/vol0
exportfs -b enable save cat /vol/vol0

# cat moves to the front of the ro= list for /vol/vol0:

   -rw=pig:horse:dog,ro=cat:duck,anon=0

stats

nfsstat

 

File Access using CIFS

 

Useful CIFS options

change the security style

options wafl.default_security_style {ntfs | unix | mixed}

timeout

options cifs.idle_timeout time

Performance

options cifs.oplocks.enable on

Note: Under some circumstances, if a process has an exclusive oplock on a file and a second process attempts to open the file, the first process must invalidate cached data and flush writes and locks. The client must then relinquish the oplock and access to the file. If there is a network failure during this flush, cached write data might be lost.

CIFS Commands

useful files

/etc/cifsconfig_setup.cfg
/etc/usermap.cfg
/etc/passwd
/etc/cifsconfig_share.cfg

Note: use "rdfile" to read the file

CIFS setup

cifs setup

Note: you will be prompted to answer a number of questions based on what requirements you need.

start

cifs restart

stop

cifs terminate

# terminate a specific client
cifs terminate <client_name>|<IP Address>

sessions

cifs sessions
cifs sessions <user>
cifs sessions <IP Address>

# Authentication
cifs sessions -t

# Changes
cifs sessions -c

# Security Info
cifs sessions -s

Broadcast message

cifs broadcast * "message"
cifs broadcast <client_name> "message"

permissions

cifs access <share> <user|group> <permission>

# Examples
cifs access sysadmins -g wheel Full Control
cifs access -delete releases ENGINEERING\mary

Note: rights can be Unix-style combinations of r w x - or NT-style "No Access", "Read", "Change", and "Full Control"

stats

cifs stat <interval>
cifs stat <user>
cifs stat <IP Address>

create a share

# create a volume in the normal way

# then using qtrees set the style of the volume {ntfs | unix | mixed}

# Now you can create your share
cifs shares -add TEST /vol/flexvol1/TEST -comment "Test Share " -forcegroup workgroup -maxusers 100

change share characteristics

cifs shares -change sharename {-browse | -nobrowse} {-comment desc | -nocomment} {-maxusers userlimit | -nomaxusers} {-forcegroup groupname | -noforcegroup} {-widelink | -nowidelink} {-symlink_strict_security | -nosymlink_strict_security} {-vscan | -novscan} {-vscanread | -novscanread} {-umask mask | -noumask} {-no_caching | -manual_caching | -auto_document_caching | -auto_program_caching}

# example
cifs shares -change <sharename> -novscan
home directories

# Display home directories
cifs homedir

# Add a home directory
wrfile -a /etc/cifs_homedir.cfg /vol/TEST

# check it
rdfile /etc/cifs_homedir.cfg

# Display for a Windows Server
net view \\<Filer IP Address>

# Connect
net use * \\192.168.0.75\TEST

Note: make sure the directory exists
domain controller

# add a domain controller
cifs prefdc add lab 10.10.10.10 10.10.10.11

# delete a domain controller
cifs prefdc delete lab

# List domain information
cifs domaininfo

# List the preferred controllers
cifs prefdc print

# Re-establishing
cifs resetdc

change filer's domain password

cifs changefilerpwd

Tracing permission problems

sectrace add [-ip ip_address] [-ntuser nt_username] [-unixuser unix_username] [-path path_prefix] [-a]

#Examples
sectrace add -ip 192.168.10.23
sectrace add -unixuser foo -path /vol/vol0/home4 -a

# To remove
sectrace delete all
sectrace delete <index>

# Display tracing
sectrace show

# Display error code status
sectrace print-status <status_code>
sectrace print-status 1:51544850432:32:78

 

File Access using FTP

 

Useful Options

Enable

options ftpd.enable on

Disable

options ftpd.enable off

File Locking

options ftpd.locking delete
options ftpd.locking none

Note: To prevent users from modifying files while the FTP server is transferring them, you can enable FTP file locking. Otherwise, you can disable FTP file locking. By default, FTP file locking is disabled.

Authentication Style

options ftpd.auth_style {unix | ntlm | mixed}

bypassing of FTP traverse checking

options ftpd.bypass_traverse_checking on
options ftpd.bypass_traverse_checking off

Note: If the ftpd.bypass_traverse_checking option is set to off, when a user attempts to access a file using FTP, Data ONTAP checks the traverse (execute) permission for all directories in the path to the file. If any of the intermediate directories does not have the "X" (traverse permission), Data ONTAP denies access to the file. If the ftpd.bypass_traverse_checking option is set to on, when a user attempts to access a file, Data ONTAP does not check the traverse permission for the intermediate directories when determining whether to grant or deny access to the file.

Restricting FTP users to a specific directory

options ftpd.dir.restriction on
options ftpd.dir.restriction off

Restricting FTP users to their home directories or a default directory

options ftpd.dir.override ""

Maximum number of connections

options ftpd.max_connections n
options ftpd.max_connections_threshold n

idle timeout value

options ftpd.idle_timeout n s | m | h

anonymous logins

options ftpd.anonymous.enable on
options ftpd.anonymous.enable off

# specify the name for the anonymous login
options ftpd.anonymous.name username

# specify the home directory for the anonymous login
options ftpd.anonymous.home_dir homedir

FTP Commands

Log files

/etc/log/ftp.cmd
/etc/log/ftp.xfer

# specify the max number of logfiles (default is 6) and size
options ftpd.log.nfiles 10
options ftpd.log.filesize 1G

Note: use rdfile to view

Restricting access

/etc/ftpusers

Note: use rdfile and wrfile to access /etc/ftpusers

stats

ftp stat

# to reset
ftp stat -z

 

Category: About *Nix OS | Added by: admin (12.10.2015)
Views: 120 | Tags: NetApp, commands, console, config | Rating: 0.0/0