Chris Thompson wrote:
... Has anyone else been caught out like this? Does anyone else think that these automatic NFS exports shouldn't be happening at all?
Full affirmation!
When using mixed security style, NetApp only supports one single style per filesystem element because of security reasons. E.g. if you were having some Unix-only users, they could never take away the ACL-rights for the CIFS/NTFS side and any Windows guy still could access the 700 unix files. And vice versa... => Not giving the feature of allowing the setting of separate unix- and ntfs-rights at the same files, directories is good for security reasons. I had many customers asking for it, but when they are getting to know about the possible security issue, they agree to the way NetApp chose to implement.
I really would appriciate it, if NetApp could keep this security issue consistant. Only do and only allow what the user/admin explicitely allows you to. The data on the filers are too valuable, for having them exported accidentally!!! I don't want anybody playing around with the isci/fcp/...-Luns over nfs ...
! At least I would like to have an option "nfs.autoexport_new_vols on/off" to handle this. ! (With default turned to: OFF, No automatic exporting)
So probably/hopefully we will see option #250 quite soon. ;-) A little wc -l on the options output:
72 options_534 144 options_622 161 options_63 216 options_641 241 options_65
Just gambling around.... ;-)
Smile & regards! Dirk Schmiedt