NetApp Commandline Cheatsheet (part5) - Об ОС *Nix - Системное администрирование - Каталог статей - Архив документации и мануалов для админов

File Access using NFS

Export Options

actual=<path>

Specifies the actual file system path corresponding to the exported file system path.

anon=<uid>|<name>

Specifies the effective user ID (or name) of all anonymous or root NFS client users that access the file system path.

nosuid

Disables setuid and setgid executables and mknod commands on the file system path.

ro | ro=clientid

Specifies which NFS clients have read-only access to the file system path.

rw | rw=clientid

Specifies which NFS clients have read-write access to the file system path.

root=clientid

Specifies which NFS clients have root access to the file system path. If you specify the root= option, you must specify at least one NFS client identifier. To exclude NFS clients from the list, prepend the NFS client identifiers with a minus sign (-).

sec=sectype

Specifies the security types that an NFS client must support to access the file system path. To apply the security types to all types of access, specify the sec= option once. To apply the security types to specific types of access (anonymous, non-super user, read-only, read-write, or root), specify the sec= option at least twice, once before each access type to which it applies (anon, nosuid, ro, rw, or root, respectively).

security types could be one of the following:

none	No security. Data ONTAP treats all of the NFS client's users as anonymous users.
sys	Standard UNIX (AUTH_SYS) authentication. Data ONTAP checks the NFS credentials of all of the NFS client's users, applying the file access permissions specified for those users in the NFS server's /etc/passwd file. This is the default security type.
krb5	Kerberos(tm) Version 5 authentication. Data ONTAP uses data encryption standard (DES) key encryption to authenticate the NFS client's users.
krb5i	Kerberos(tm) Version 5 integrity. In addition to authenticating the NFS client's users, Data ONTAP uses message authentication codes (MACs) to verify the integrity of the NFS client's remote procedure requests and responses, thus preventing "man-in-the-middle" tampering.
krb5p	Kerberos(tm) Version 5 privacy. In addition to authenticating the NFS client's users and verifying data integrity, Data ONTAP encrypts NFS arguments and results to provide privacy.

Examples

rw=10.45.67.0/24
ro,root=@trusted,rw=@friendly
rw,root=192.168.0.80,nosuid

Export Commands

Displaying

exportfs
exportfs -q <path>

create

# create export in memory and write to /etc/exports (use default options)
exportfs -p /vol/nfs1

# create export in memory and write to /etc/exports (use specific options)
exportsfs -io sec=none,rw,root=192.168.0.80,nosuid /vol/nfs1

# create export in memory only using own specific options
exportsfs -io sec=none,rw,root=192.168.0.80,nosuid /vol/nfs1

remove

# Memory only
exportfs -u <path>

# Memory and /etc/exportfs
exportfs -z <path>

export all

exportfs -a

check access

exportfs -c 192.168.0.80 /vol/nfs1

flush

exportfs -f
exportfs -f <path>

reload

exportfs -r

storage path

exportfs -s <path>

Write export to a file

exportfs -w <path/export_file>

fencing

# Suppose /vol/vol0 is exported with the following export options:

   -rw=pig:horse:cat:dog,ro=duck,anon=0

# The following command enables fencing of cat from /vol/vol0
exportfs -b enable save cat /vol/vol0

# cat moves to the front of the ro= list for /vol/vol0:

   -rw=pig:horse:dog,ro=cat:duck,anon=0

stats

nfsstat

File Access using CIFS

Useful CIFS options
change the security style	options wafl.default_security_style {ntfs \| unix \| mixed}
timeout	options cifs.idle_timeout time
Performance	options cifs.oplocks.enable on Note: Under some circumstances, if a process has an exclusive oplock on a file and a second process attempts to open the file, the first process must invalidate cached data and flush writes and locks. The client must then relinquish the oplock and access to the file. If there is a network failure during this flush, cached write data might be lost.
CIFS Commands
useful files	/etc/cifsconfig_setup.cfg /etc/usermap.cfs /etc/passwd /etc/cifsconfig_share.cfg Note: use "rdfile" to read the file
CIFS setup	cifs setup Note: you will be prompted to answer a number of questions based on what requirements you need.
start	cifs restart
stop	cifs terminate # terminate a specific client cifs terminate <client_name>\|<IP Address>
sessions	cifs sessions cifs sessions <user> cifs sessions <IP Address> # Authentication cifs sessions -t # Changes cifs sessions -c # Security Info cifs session -s
Broadcast message	cifs broadcast * "message" cifs broadcast <client_name> "message"
permissions	cifs access <share> <user\|group> <permission> # Examples cifs access sysadmins -g wheel Full Control cifs access -delete releases ENGINEERING\mary Note: rights can be Unix-style combinations of r w x - or NT-style "No Access", "Read", "Change", and "Full Control"
stats	cifs stat <interval> cifs stat <user> cifs stat <IP Address>
create a share	# create a volume in the normal way # then using qtrees set the style of the volume {ntfs \| unix \| mixed} # Now you can create your share cifs shares -add TEST /vol/flexvol1/TEST -comment "Test Share " -forcegroup workgroup -maxusers 100
change share characteristics	cifs shares -change sharename {-browse \| -nobrowse} {-comment desc \| - nocomment} {-maxusers userlimit \| -nomaxusers} {-forcegroup groupname \| -noforcegroup} {-widelink \| -nowidelink} {-symlink_strict_security \| - nosymlink_strict_security} {-vscan \| -novscan} {-vscanread \| - novscanread} {-umask mask \| -noumask {-no_caching \| -manual_caching \| - auto_document_caching \| -auto_program_caching} # example cifs shares -change <sharename> -novscan
home directories	# Display home directories cifs homedir # Add a home directory wrfile -a /etc/cifs_homedir.cfg /vol/TEST # check it rdfile /etc/cifs_homedir.cfg # Display for a Windows Server net view \\<Filer IP Address> # Connect net use * \\192.168.0.75\TEST Note: make sure the directory exists
domain controller	# add a domain controller cifs prefdc add lab 10.10.10.10 10.10.10.11 # delete a domain controller cifs prefdc delete lab # List domain information cifs domaininfo # List the preferred controllers cifs prefdc print # Restablishing cifs resetdc
change filers domain password	cifs changefilerpwd
Tracing permission problems	sectrace add [-ip ip_address] [-ntuser nt_username] [-unixuser unix_username] [-path path_prefix] [-a] #Examples sectrace add -ip 192.168.10.23 sectrace add -unixuser foo -path /vol/vol0/home4 -a # To remove sectrace delete all sectrace delete <index> # Display tracing sectrace show # Display error code status sectrace print-status <status_code> sectrace print-status 1:51544850432:32:78

File Access using FTP

Useful Options
Enable	options ftpd.enable on
Disable	options ftpd.enable off
File Locking	options ftpd.locking delete options ftpd.locking none Note: To prevent users from modifying files while the FTP server is transferring them, you can enable FTP file locking. Otherwise, you can disable FTP file locking. By default, FTP file locking is disabled.
Authenication Style	options ftpd.auth_style {unix \| ntlm \| mixed}
bypassing of FTP traverse checking	options ftpd.bypass_traverse_checking on options ftpd.bypass_traverse_checking off Note: If the ftpd.bypass_traverse_checking option is set to off, when a user attempts to access a file using FTP, Data ONTAP checks the traverse (execute) permission for all directories in the path to the file. If any of the intermediate directories does not have the "X" (traverse permission), Data ONTAP denies access to the file. If the ftpd.bypass_traverse_checking option is set to on, when a user attempts to access a file, Data ONTAP does not check the traverse permission for the intermediate directories when determining whether to grant or deny access to the file.
Restricting FTP users to a specific directory	options ftpd.dir.restriction on options ftpd.dir.restriction off
Restricting FTP users to their home directories or a default directory	options ftpd.dir.override ""
Maximum number of connections	options ftpd.max_connections n options ftpd.max_connections_threshold n
idle timeout value	options ftpd.idle_timeout n s \| m \| h
anonymous logins	options ftpd.anonymous.enable on options ftpd.anonymous.enable off # specify the name for the anonymous login options ftpd.anonymous.name username # create the directory for the anonymous login options ftpd.anonymous.home_dir homedir
FTP Commands
Log files	/etc/log/ftp.cmd /etc/log/ftp.xfer # specify the max number of logfiles (default is 6) and size options ftpd.log.nfiles 10 options ftpd.log.filesize 1G Note: use rdfile to view
Restricting access	/etc/ftpusers Note: using rdfile and wrfile to access /etc/ftpusers
stats	ftp stat # to reset ftp stat -z