Can someone who knows tell me whats going on here?
We recently discovered a security issue with our netapp filers when using NFS. The netapps where allowing NFS mounts and operations from non-privilaged client ports.
Investigation found the options nfs.nfs_rootonly and nfs.mount_rootonly options.
nfs.mount_rootonly was true, but nfs.nfs_rootonly was false.
I was kind of surprized by this, since I had no recollection of ever altering either of these options yet the settings were identical across all our filers. The environment is:
3170A running 8.2 3240 running 8.2 3240 running 8.1 (reverted from 8.2)
Ok, so I asked another nearby site to check there filers for me and they tell me their filers have no such setting, all on 8.1
So, I guess my questions are:
1) has ONTAP always allowed NFS from non-privilaged ports?
2) was nfs.nfs_rootonly introduced in 8.2 and why is the default off?
3) why does this setting stay around after revert to 8.1?
It would seem to me that allowing NFS from non-privilages ports is kind of bad.
Any help appreciated.
Regards, pdg