This procedure describes how to use the ZFS file system's share property to restrict access to a share based on a client's host address. This feature is known as host-based access control.
A client host is permitted to have only one of the following types of access to a share:
For more information about the access control mechanisms that are used for shares, see Host-Based Access Control to SMB Shares.
This procedure shows how to use the zfs command to restrict client host access, but you can also use the share command for other file system types. See the share(8) man page.
For information about access lists, see the share_smb(8) man page.
- Become an administrator.
For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.
- Determine the type of access you want to grant for each client host.
- Restrict access by particular hosts to a share.
$ zfs share -o share.smb=on -o share.smb.ro=hostname[:hostname] pool/dataset%share-name
$ zfs share -o share.smb=on -o share.smb.rw=hostname[:hostname] pool/dataset%share-name
$ zfs share -o share.smb=on -o share.smb.none="" pool/dataset%share-name
hostname
    A host name, a netgroup, or an IP address
pool/dataset%share-name
    Name of the dataset and share being shared
You can specify the host access policy by combining the access settings in a single command.
Example 3-9 Setting Host Access Policy by Using a Single Command
The following command specifies how particular hosts can access the acme.sales.logs share. The mercury and venus hosts have read-write access, mars has read-only access, and neptune has no access.
$ zfs share -o share.smb=on -o share.smb.rw=mercury:venus,ro=mars,none="*" \
    tank/sales/logs%acme.sales.logs
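Because a client host is permitted only one type of access, a combined policy can be checked for entries that appear under more than one access type before it is applied. The following shell function is an added example, not part of the Oracle documentation; check_smb_host_policy is a hypothetical helper, and it assumes entries are compared as literal strings without resolving netgroups, IP addresses, or the "*" wildcard.

```shell
#!/bin/sh
# Added example: pre-flight check for a combined SMB host access policy.
# Input is the option value from Example 3-9 without the "share.smb." prefix,
# for example:  rw=mercury:venus,ro=mars,none=*
# Assumptions: entries are compared as literal strings (netgroups, IP
# addresses and "*" are not resolved or expanded), and entries are split
# on ":" as in the hostname[:hostname] syntax.

# Runs in a subshell (parentheses body) so IFS and globbing changes stay local.
check_smb_host_policy() (
    policy=$1
    seen=""     # newline-separated "entry access-type" pairs accepted so far
    status=0
    set -f      # keep "*" literal instead of expanding it to file names
    IFS=,
    for clause in $policy; do
        access=${clause%%=*}
        hosts=${clause#*=}
        case $access in
            rw|ro|none) ;;
            *) echo "unknown access type: $access"; status=1; continue ;;
        esac
        IFS=:
        for host in $hosts; do
            # Look up the access type already recorded for this entry, if any.
            prev=$(printf '%s\n' "$seen" |
                awk -v h="$host" '($1 "") == (h "") { print $2; exit }')
            if [ -n "$prev" ] && [ "$prev" != "$access" ]; then
                echo "conflict: $host is in both $prev and $access"
                status=1
            else
                seen="$seen
$host $access"
            fi
        done
        IFS=,
    done
    exit "$status"
)

# Constructed sample policies: the first is the one from Example 3-9,
# the second lists venus under both rw and ro.
check_smb_host_policy 'rw=mercury:venus,ro=mars,none=*' && echo "policy ok"
check_smb_host_policy 'rw=mercury:venus,ro=venus:mars' || echo "policy rejected"
```

The function returns a nonzero status when it finds a conflict or an unknown access type, so it can gate the zfs share command in a provisioning script.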