User-friendliness aside -- automatically exporting created volumes read/write to the world is a horrible idea from a security perspective. Operations should always 'fail safe' from a security perspective. Things should not be enabled, exported, etc without a deliberate action on my part.
Thankfully I caught this because I'm monitoring critical files like this for unauthorized changes.
If you want to make things more user-friendly, enable a 'help.verbose' by default and print out friendly reminders after a vol create like "You will need to export your volume before clients can access it over the network", or something like that.
I'd hate to see OnTap get more user-friendly at the expense of doing the Right Thing. Besides, that's what the GUI is for.
My $0.02
On Wed, 18 Aug 2004, Haynes, Tom wrote:
Is it a dumbing down or an automation of common steps? I know when I designed and coded the automatic writing of the /etc/exports, my goal was to remove some repetitive and manual steps.
You have to remember that is what programming is all about:
finding common blocks of functionality and wrapping them in a function.
reducing the human interaction.
Some of the posters on this thread make it sound like this was a conspiracy.
If we had been a brand new company and we came out with a product which kept the exports information in a database instead of a flat file, would you have been this upset? Or would you have enjoyed the experience?
I've been of the flat file bent myself for a long time. Now that I have to maintain the exports file, I'm leaning towards a database for it. There is just too much ambiguity in parsing entries in the host lists - well formed fields, like *shudder* XML, make too much sense.
Anyway, there is no global plan to dumb down the product - just local designs to reduce problems found in customer escalations.
On Wed, 18 Aug 2004, Bruce Arden wrote:
Uh, whoops, now I've got this "/vol/new" export at the end of the file? Hmmm. Harmless, in this case, because at reboot there was no volume named "new" so it wasn't exported... still, this was another little surprise that could have had more serious consequences, and as another long-time Unix/ONTAP hacker I have to lobby against the dumbing down of ONTAP. Any sysadmin qualified to run the box can learn it in an hour or less; filers don't need to be much simpler than they are now. What's next? "Hey, Boeing, this 747 is too hard to fly, make it easier so we can use cheaper pilots."
Cringe.
-- Chris