Oracle® ZFS Storage Appliance Administration Guide

Share Protocols - NFS

Table 12-7  Share Protocols - NFS Properties

| BUI Property | CLI Property | Description |
| --- | --- | --- |
| Share mode | off/ro/rw | Determines whether the share is available for reading only, for reading and writing, or neither. In the CLI, "on" is an alias for "rw". |
| Disable setuid/setgid file creation | nosuid | If this option is selected, clients will not be able to create files with the setuid (S_ISUID) and setgid (S_ISGID) bits set, nor to enable these bits on existing files via the chmod(2) system call. |
| Prevent clients from mounting subdirectories | nosub | If this option is selected, clients will be prevented from directly mounting subdirectories. They will be forced to mount the root of the share. Note: this only applies to the NFSv2 and NFSv3 protocols not to NFSv4. |
| Anonymous user mapping | anon | Unless the "root" option is in effect for a particular client, the root user on that client is treated as an unknown user, and all attempts by that user to access the share's files will be treated as attempts by a user with this uid. The file's access bits and ACLs will then be evaluated normally. |
| Character encoding | See below | Sets the character set default for all clients. For more information, see the section on character set encodings. |
| Security mode | See below | Sets the security mode for all clients. |

Exceptions to the overall sharing modes may be defined for clients or collections of clients. When a client attempts access, its access will be granted according to the first exception in the list that matches the client; or, if no such exception exists, according to the global share modes defined above. These client collections may be defined using one of three types:

Table 12-8  Client Collection Types

| Type | CLI Prefix | Description | Example |
| --- | --- | --- | --- |
| Host(FQDN) or Netgroup | none | A single client whose IP address resolves to the specified fully-qualified name, or a netgroup containing fully-qualified names to which a client's IP address resolves | caji.sf.example.com |
| DNS Domain | . | All clients whose IP addresses resolve to a fully qualified name ending in this suffix | sf.example.com |
| Network | @ | All clients whose IP addresses are within the specified IP subnet, expressed in CIDR notation | 192.168.20.0/22 |

For each specified client or collection of clients, you will then express two parameters: whether the client shall be permitted read-only or read-write access to the share, and whether the root user on the client shall be treated as the root user (if selected) or the unknown user.

If netgroups are used, they will be resolved from NIS (if enabled) and then from LDAP (if enabled). If LDAP is used, the netgroups must be found at the default location, ou=Netgroup,(Base DN), and must use the standard schema. The username component of a netgroup entry typically has no effect on NFS; only the hostname is significant. Hostnames contained in netgroups must be canonical and, if resolved using DNS, fully qualified. That is, the NFS subsystem will attempt to verify that the IP address of the requesting client resolves to a canonical hostname that matches either the specified FQDN or one of the members of one of the specified netgroups. This match must be exact, including any domain components; otherwise, the exception will not match and the next exception will be tried. For more information on hostname resolution, see DNS. Management of netgroups can be complex; consider using IP subnet rules or DNS domain rules instead where possible.

As of the 2013.1.0 software release, Unix client users may belong to a maximum of 1024 groups without any performance degradation. Prior releases supported up to 16 groups per Unix client user.

Share Protocols - CLI

In the CLI, all NFS share modes and exceptions are specified using a single options string for the "sharenfs" property. This string is a comma-separated list of values from the tables above. It should begin with one of "ro", "rw", or "off", as an analogue to the global share modes described for the BUI. For example,

set sharenfs=ro

sets the share mode for all clients to read-only. The root users on all clients will access the files on the share as if they were the generic "nobody" user.

Either or both of the "nosuid" and "anon" options may also be appended. Remember that in the CLI, property values containing the "=" character must be quoted. Therefore, to define the mapping of all unknown users to the uid 153762, you might specify

set sharenfs="ro,anon=153762"

Additional exceptions can be specified by appending text of the form "option=collection", where "option" is one of "ro", "rw", and "root", defining the type of access to be granted to the client collection. The collection is specified by the prefix character from the table above and either a DNS hostname/domain name or CIDR network number. For example, to grant read-write access to all hosts in the sf.example.com domain and root access to those in the 192.168.44.0/24 network, you might use

set sharenfs="ro,anon=153762,rw=.sf.example.com,root=@192.168.44.0/24"

Netgroup names can be used anywhere an individual fully-qualified hostname can be used. For example, you can permit read-write access to the "engineering" netgroup as follows:

set sharenfs="ro,rw=engineering"

Security modes are specified by appending text in the form "option=mode" where option is "sec" and mode is one of "sys", "krb5", "krb5:krb5i", or "krb5:krb5i:krb5p".

set sharenfs="sec=krb5"

Security Modes

Security modes are set on a per-share basis and can have a performance impact. The following table describes the Kerberos security settings.

Table 12-9  Kerberos Security Settings

| Setting | Description |
| --- | --- |
| krb5 | End-user authentication through Kerberos V5 |
| krb5i | krb5 plus integrity protection (data packets are tamper proof) |
| krb5p | krb5i plus privacy protection (data packets are tamper proof and encrypted) |

Combinations of Kerberos flavors may be specified in the security mode setting. The combination security modes let clients mount with any Kerberos flavor listed.

Table 12-10  Security Mode Settings

| Setting | Menu |
| --- | --- |
| sys | System Authentication |
| krb5 | Kerberos v5 only - Clients must mount using this flavor. |
| krb5:krb5i | Kerberos v5, with integrity - Clients may mount using any flavor listed. |
| krb5i | Kerberos v5 integrity only - Clients must mount using this flavor. |
| krb5:krb5i:krb5p | Kerberos v5, with integrity or privacy - Clients may mount using any flavor listed. |
| krb5p | Kerberos v5 privacy only - Clients must mount using this flavor. |
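
The following is an added example, not part of the Oracle documentation or the appliance software: a small Python reviewer for "sharenfs" option strings that parses the format described under Share Protocols - CLI, types each client collection by its prefix from Table 12-8, and reports settings worth a second look. The function names, the 256-address threshold, the ':' separator for several collections in one option, and the ranking of "sys" below the Kerberos flavors are assumptions of this example.

```python
import ipaddress

MODES = ("ro", "rw", "off", "on")
# Assumption of this example: "sys" ranks below the Kerberos flavors of Table 12-9.
ORDER = ["sys", "krb5", "krb5i", "krb5p"]

def classify(collection):
    """Type a client collection by its CLI prefix (Table 12-8)."""
    if collection.startswith("@"):
        return "network", ipaddress.ip_network(collection[1:])
    if collection.startswith("."):
        return "dns-domain", collection[1:]
    return "host-or-netgroup", collection

def parse_sharenfs(value):
    """Split a sharenfs string into share mode, flags, options and exceptions."""
    parts = [p.strip() for p in value.split(",")]
    first = parts[0]
    mode = "rw" if first == "on" else (first if first in MODES else None)
    parsed = {"mode": mode, "flags": set(), "opts": {}, "exceptions": []}
    for part in (parts[1:] if mode else parts):
        key, sep, val = part.partition("=")
        if not sep:
            parsed["flags"].add(key)                 # nosuid, nosub
        elif key in ("ro", "rw", "root"):
            # Assumption: several collections in one option are ':'-separated.
            parsed["exceptions"] += [(key, *classify(c)) for c in val.split(":")]
        else:
            parsed["opts"][key] = val                # anon, sec, character sets
    return parsed

def audit(value, max_root_addrs=256):
    """Return review findings; max_root_addrs is an illustrative threshold."""
    p, out = parse_sharenfs(value), []
    if p["mode"] == "off" and not p["exceptions"]:
        return out                                   # share is not exported over NFS
    if "nosuid" not in p["flags"]:
        out.append("nosuid absent: clients may create setuid/setgid files")
    if "sec" not in p["opts"]:
        out.append("no sec= option: string does not name a Kerberos mode")
    else:
        weakest = min(p["opts"]["sec"].split(":"), key=ORDER.index)
        if weakest != "krb5p":
            out.append(f"weakest mountable flavor is {weakest}: no privacy protection")
    for opt, kind, target in p["exceptions"]:
        if opt == "root" and kind != "network":
            out.append(f"root for {kind} {target}: match depends on name resolution")
        elif opt == "root" and target.num_addresses > max_root_addrs:
            out.append(f"root for {target}: {target.num_addresses} addresses")
    return out
```

Run audit() over each share's "sharenfs" value as exported from the appliance; an empty list means none of these checks fired, not that the share is correctly scoped.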

For more information about NFS and Kerberos, see:

Character Set Encodings

Normally, the character set encoding used for filenames is unspecified. The NFSv3 and NFSv2 protocols don't specify the character set. NFSv4 is supposed to use UTF-8, but not all clients do and this restriction is not enforced by the server. If the UTF-8 only option is disabled for a share, these filenames are written verbatim to the filesystem without any knowledge of their encoding. This means that they can only be interpreted by clients using the same encoding. SMB, however, requires filenames to be stored as UTF-8 so that they can be interpreted on the server side. This makes it impossible to support arbitrary client encodings while still permitting access over SMB.

In order to support such configurations, the character set encoding can be set share-wide or on a per-client basis. The following character set encodings are supported:

The default behavior is to leave the character set encoding unspecified (pass-through). The BUI allows the character set to be chosen through the standard exception list mechanism. In the CLI, each character set itself becomes an option with one or more hosts, with '*' indicating the share-wide setting. For example, the following:

set sharenfs="rw,euc-kr=*"

shares the filesystem with 'euc-kr' as the default encoding. The following:

set sharenfs="rw,euc-kr=host1.domain.com,euc-jp=host2.domain.com"

uses the default encoding for all clients except 'host1' and 'host2', which will use 'euc-kr' and 'euc-jp', respectively. The format of the host lists follows that of other CLI NFS options.

Note that some NFS clients do not correctly support alternate locales; consult your NFS client documentation for details.