I have been caught out by one aspect of the changed NFS export implementation in ONTAP 6.5.x (specifically, 6.5.1R1P6), that might have had serious security implications.
When a volume is created, say /vol/test, it is now autmatically NFS exported with a rule
/vol/test -rw,nosuid
i.e. read-write to the world. As a volume starts off with just a root-owned top-level directory, and there's no "root=" clause, this isn't _exactly_ a security exposure staight away, but of course it becomes one as soon as more interesting data is installed there.
Having noticed that at the time, I did
exportfs -io rw=[a-testing-host],root=[a-testing-host] /vol/test
and continued with my tests (which involved restoring bits of other filing systems into /vol/test).
What I hadn't realised was that the original "vol create test" had not only exported the volume, it had added a line to /etc/exports. So the next time the filer was rebooted, the unrestricted export came back... which, of course, I didn't notice for some time.
Has anyone else been caught out like this? Does anyone else think that these automatic NFS exports shouldn't be happening at all?