TheKoguryo's Tech Blog

 Version 2024-11-29

Warning

This content has been generated by machine translation. The translations are automated and have not undergone human review or validation.

8.3 Export Option for Access Control

Permission control through Export Option setting

  1. Move to the detail screen of the file system created earlier. Click Export created in the Export list as shown in the figure below.

    image-20220114141620618

  2. At the bottom of the Export detail screen, NFS Export Options are displayed as shown in the figure.

    The default created option is accessible as Read/Write from all clients (0.0.0.0/0).

    image-20220114141725071

  3. Click Edit NFS Export Options.

  4. Add the Public Subnet (10.0.0.0/24) with test VM on top of the existing option to be read-only.

    If the IP of the test VM is 10.0.0.12, both options are Source. In this case, matching is applied first in order, and in fact, only read-only access is possible according to the first condition.

    image-20220114142344080

  5. Setup complete

    image-20220114142615594

Test Permissions on File System

  1. Connect to the VM you tested earlier.

  2. Check if the existing file can be read.

    ls -la /mnt/FSS-Storage/
    cat /mnt/FSS-Storage/hello1.txt
    
    • Execution result

      [opc@examplelinuxinstance FSS-Storage]$ ls -la /mnt/FSS-Storage/
      total 17
      drwxr-xr-x. 2 root root  2 Jan 14 02:35 .
      drwxr-xr-x. 3 root root 25 Jan 14 01:59 ..
      drwxr-xr-x. 2 root root  0 Jan 14 05:34 .snapshot
      -rw-r--r--. 1 opc  opc  19 Jan 14 02:18 hello1.txt
      [opc@examplelinuxinstance FSS-Storage]$ cat /mnt/FSS-Storage/hello1.txt
      Hello File Storage
      
  3. Attempt to write a new file.

    echo 'Hello File Storage' >/mnt/FSS-Storage/hello2.txt
    
    • Execution result

      As shown below, it corresponds to Public Subnet (10.0.0.0/24) and an error occurs when writing.

      [opc@examplelinuxinstance FSS-Storage]$ hostname -I
      10.0.0.12
      [opc@examplelinuxinstance FSS-Storage]$ echo 'Hello File Storage' >/mnt/FSS-Storage/hello2.txt
      -bash: /mnt/FSS-Storage/hello2.txt: Read-only file system
      

Re-check the permissions after changing the order of Export Option

  1. Go back to the NFS Export Option change screen.

  2. Adjust and update the order through the Move Up and Down menus in the action menu on the right of each item.

    image-20220114144414148

  3. Changed

    image-20220114144511046

  4. Go back to the test VM and try to write to the remounted file system.

    [opc@examplelinuxinstance FSS-Storage]$ echo 'Hello File Storage' >/mnt/FSS-Storage/hello2.txt
    [opc@examplelinuxinstance FSS-Storage]$ ls -la
    total 17
    drwxrwxrwx. 2 root root  4 Jan 14 05:50 .
    drwxr-xr-x. 3 root root 25 Jan 14 01:59 ..
    drwxrwxrwx. 2 root root  0 Jan 14 05:50 .snapshot
    -rw-rw-r--. 1 opc  opc  19 Jan 14 02:18 hello1.txt
    -rw-rw-r--. 1 opc  opc  19 Jan 14 05:50 hello2.txt
    
  5. First, you can see that the file is written according to the matching 0.0.0.0/0 Read/Write permission.



As an individual, this article was written with my personal time. There may be errors in the content of the article, and the opinions in the article are personal opinions.

Last updated on 14 Jan 2022