ONTAP 9.12.1 commands

  • ONTAP 9.12.1 commands(CA08871-263en.pdf)
  • vserver export-policy access-cache show-rules

    Display information about the export policy rules in the access cache entry

    Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

    Description

    The vserver export-policy access-cache show-rules command is used in conjunction with the vserver export-policy access-cache show command. The vserver export-policy access-cache show command displays the state and contents of an access cache entry on the specified node for a particular client IP address belonging to an export policy in a Vserver, and lists the rule indexes of the export policy rules that matched. To see the security settings of each policy rule that matched, use the vserver export-policy access-cache show-rules command. Use the -instance switch to get a more detailed listing. Note that the security settings of the rules cached in the access cache entry match the security settings of the rules that can be obtained by running the vserver export-policy rule show command with the corresponding rule index.

    If the client IP address is not cached in the access cache, the command displays an error message stating that the entry does not exist.

    Parameters

    { [-fields <fieldname>,…​]

    If you specify the -fields <fieldname>, …​ parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.

    | [-instance ] }

    If you specify the -instance parameter, the command displays detailed information about all fields.

    -node <nodename> - Node

    This parameter specifies the node on which you want to examine the export policy rule details in the access cache entry.

    -vserver <vserver name> - Vserver

    This parameter specifies the name of the Vserver on which you want to see the policy rule details in the access cache entry.

    -policy <export policy name> - Policy Name

    This parameter specifies the name of the export policy that is in effect on the export path that the client is trying to access.

    -address <IP Address> - IP Address

    This parameter specifies the IP address of the client whose access cache entry you want to examine in greater detail.

    [-ruleindex <integer>] - Entry Policy Rule Index

    This optional parameter specifies the index number of the export rule of a specific policy.

    [-protocol <Client Access Protocol>,…​] - Access Protocol

    This optional parameter specifies the list of access protocols of export rules.

    [-rorule <authentication method>,…​] - RO Access Rule

    This parameter specifies the security type for read-only access to volumes that use the export rule.

    [-rwrule <authentication method>,…​] - RW Access Rule

    This parameter specifies the security type for read-write access to volumes that use the export rule.

    [-superuser <authentication method>,…​] - Superuser Security Types

    This parameter specifies a security type for superuser access to files.

    [-anon-uid <integer>] - Anonymous User ID

    This parameter specifies an anonymous user ID that the user credentials are mapped to.

    [-anon-gid <integer>] - Anonymous User Primary GID

    This parameter specifies an anonymous User Primary GID.

    [-anon-gid-list <integer>,…​] - Anonymous User GID List

    This parameter specifies an anonymous User Primary GID list.

    [-protocol-flags {allow-suid|allow-dev}] - Protocol Flags

    This parameter specifies protocol flags such as allow-suid and allow-dev.

    [-ntfs-unix-security-ops {ignore|fail}] - NTFS Unix Security Options

    This parameter specifies whether UNIX-type permissions changes on NTFS (Windows) volumes are prohibited (fail) or allowed (ignore).

    [-chown-mode {restricted|unrestricted}] - Change Ownership Mode

    This parameter specifies a change ownership mode.

    [-clientmatch <text>] - Client Match String

    This parameter specifies the client or clients to which the export rule applies.

    [-anonuser <text>] - Anonymous Username or ID

    This parameter specifies a UNIX user ID or user name that the user credentials are mapped to.

    Examples

    The following example shows the contents of the access cache entry for client IP address '1.2.3.4' in volume 'flex1' having export policy 'testpol' in a Vserver named 'vs1' on node 'vsim1'. This entry has two export policy rules with rule indexes 1 and 2 that matched and are cached in the entry. To examine what the rule settings are in each of these rules we can use the show-rules variant of the command.

    cluster1::*>vserver export-policy access-cache show -vserver vs1 -node vsim1 -policy testpol -address 1.2.3.4
                                   Node: vsim1
                                Vserver: vs1
                            Policy Name: testpol
                             IP Address: 1.2.3.4
               Access Cache Entry Flags: -
                            Result Code: 0
                      Failure Type Code: 0
         Number of Matched Policy Rules: 2
    List of Matched Policy Rule Indexes: 1, 2
                           Age of Entry: 5s
    
    cluster1::*>vserver export-policy access-cache show-rules -vserver vs1 -node vsim1 -policy testpol -address 1.2.3.4
                                         Rule  Access   RO    RW    Super Anon
    Node       Address         Policy    Index Protocol Rule  Rule  User  User
    ---------- --------------- --------- ----- -------- ----  ----  ----- -----
    vsim1      1.2.3.4         testpol   1     any      any   any   none  65534
    vsim1      1.2.3.4         testpol   2     nfs3     never never sys   123
    2 entries were displayed.
    
    cluster1::*>vserver export-policy access-cache show-rules -vserver vs1 -node vsim1 -policy testpol -address 1.2.3.4 -instance
                       Vserver: vs1
                          Node: vsim1
                   Policy Name: testpol
                    IP Address: 1.2.3.4
              Export Policy ID: 12884901890
       Entry Policy Rule Index: 1
               Access Protocol: any
                RO Access Rule: any
                RW Access Rule: any
      Superuser Security Types: none
             Anonymous User ID: 65534
                Protocol Flags: allow-suid, allow-dev
    NTFS Unix Security Options: fail
         Change Ownership Mode: restricted
                       Vserver: vs1
                          Node: vsim1
                   Policy Name: testpol
                    IP Address: 1.2.3.4
                 Export Policy: testpol
              Export Policy ID: 12884901890
       Entry Policy Rule Index: 2
               Access Protocol: nfs3
                RO Access Rule: never
                RW Access Rule: never
      Superuser Security Types: sys
             Anonymous User ID: 123
                Protocol Flags: allow-suid
    NTFS Unix Security Options: ignore
         Change Ownership Mode: restricted
    2 entries were displayed.
    
    cluster1::*> vserver export-policy rule show -vserver vs1 -policyname testpol -ruleindex 1
                                        Vserver: vs1
                                    Policy Name: testpol
                                     Rule Index: 1
                                Access Protocol: any
    Client Match Hostname, IP Address, Netgroup, or Domain: 0.0.0.0/0
                                 RO Access Rule: any
                                 RW Access Rule: any
    User ID To Which Anonymous Users Are Mapped: 65534
                       Superuser Security Types: none
                   Honor SetUID Bits in SETATTR: true
                      Allow Creation of Devices: true
    
    cluster1::*> vserver export-policy rule show -vserver vs1 -policyname testpol -ruleindex 2
                                        Vserver: vs1
                                    Policy Name: testpol
                                     Rule Index: 2
                                Access Protocol: nfs3
    Client Match Hostname, IP Address, Netgroup, or Domain: 0.0.0.0/0
                                 RO Access Rule: never
                                 RW Access Rule: never
    User ID To Which Anonymous Users Are Mapped: testu1
                       Superuser Security Types: sys
                   Honor SetUID Bits in SETATTR: true
                      Allow Creation of Devices: false
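
The comparison described above, between the rule settings held in an access cache entry and the output of vserver export-policy rule show for the same rule index, as an added Python example that is not part of the ONTAP documentation. The function names are hypothetical, and the mapping from Protocol Flags to the two rule show fields is an assumption inferred from the sample output on this page.

```python
SAME_NAME = ["Access Protocol", "RO Access Rule", "RW Access Rule",
             "Superuser Security Types"]
# Assumed flag-to-field mapping, inferred from the page's sample output.
FLAG_FIELDS = {"allow-suid": "Honor SetUID Bits in SETATTR",
               "allow-dev": "Allow Creation of Devices"}

# Both samples are abridged from the page's example output for rule index 2.
CACHED = """\
                   Vserver: vs1
   Entry Policy Rule Index: 2
           Access Protocol: nfs3
            RO Access Rule: never
            RW Access Rule: never
  Superuser Security Types: sys
            Protocol Flags: allow-suid
2 entries were displayed.
"""
RULE = """\
                         Vserver: vs1
                      Rule Index: 2
                 Access Protocol: nfs3
                  RO Access Rule: never
                  RW Access Rule: never
        Superuser Security Types: sys
    Honor SetUID Bits in SETATTR: true
       Allow Creation of Devices: false
"""

def parse_records(text, first_label="Vserver"):
    """Split 'Label: value' CLI output into one dict per record."""
    records = []
    for line in text.splitlines():
        label, sep, value = line.strip().partition(": ")
        if not sep:
            continue  # blank lines and the "N entries were displayed." footer
        if label == first_label or not records:
            records.append({})
        records[-1][label] = value.strip()
    return records

def cache_drift(cached, rule):
    """Return {field: (cached, configured)} for settings that disagree."""
    flags = {f.strip() for f in cached.get("Protocol Flags", "").split(",")}
    expected = {name: cached.get(name) for name in SAME_NAME}
    for flag, field in FLAG_FIELDS.items():
        expected[field] = "true" if flag in flags else "false"
    return {k: (v, rule.get(k)) for k, v in expected.items() if rule.get(k) != v}
```

The anonymous user is left out of the comparison because the cache entry reports a numeric ID (123) while rule show reports the name (testu1), so matching them needs a name lookup on the Vserver.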