Permission Management

Last updated: 2024-01-22 22:15:48

Overview

A client must be in the same network as the file system, and a permission group must be configured for the file system to manage the client's access and read/write permissions. This document describes how to do so.

Directions

Step 1. Create a permission group

1. Log in to the CFS console and click Permission Group on the left sidebar.
2. On the permission group page, click Create. In the pop-up window, configure the permission group name and remarks.

Step 2. Add a permission group rule

Click the name of a permission group to enter the rule list page. You can add, edit, or delete rules in the rule list. If no rule is added to the permission group, all IPs will be allowed. The rule fields are described below:

Access Address: You can enter a single IP or a CIDR block, such as 10.1.10.11 or 10.10.1.0/24. The default access address is *, indicating that all IPs are allowed. Please note that you need to enter the CVM instance's private IP here.

Read & Write Permissions: Read-only or read/write.

User Permissions: The four options below are used for controlling the permissions of a user.
- all_squash: Any user will be mapped to an anonymous user or user group.
- no_all_squash: A user will be first matched with a local user, and if the match fails, it will be mapped to an anonymous user or user group.
- root_squash: A root user will be mapped to an anonymous user or user group.
- no_root_squash: A root user will be allowed to maintain root account permissions.
Note:
User permissions configuration is not supported for CIFS/SMB file systems and Turbo file systems and will not take effect.
The default permission is 755 for each file system, and nfsnobody does not have write permission. Therefore, if there are no special needs, no_root_squash is recommended. If the root user creates a file directory and mounts the file system, and the access address is set to all_squash or root_squash, the access IP can only read files. (This is because the mount path requires root permissions, but the access IP has been mapped to an anonymous user.)

Priority: You can configure an integer between 1 and 100 as the priority level, where 1 indicates the highest priority. If the permission of a single IP conflicts with that of an IP within a CIDR block in the same permission group, the permission with a higher priority will apply. If their priority levels are the same, the permission of the single IP will apply. If two overlapping CIDR blocks are configured with different permissions and the same priority level, the permissions of the overlapping CIDR blocks will take effect randomly. Please avoid configuring overlapping CIDR blocks.
Note:
Priority configuration is not supported for CIFS/SMB file systems and will not take effect.
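
The following Python example is added here and is not Tencent Cloud code or part of the CFS API. It models the Access Address and Priority rules described above to work out which rule applies to a client IP, and it flags rule sets that allow all IPs or that contain overlapping CIDR blocks with the same priority and different permissions. The rule tuples are constructed sample data; the example assumes that priority also decides between two CIDR blocks with different priority levels and returns nothing when no rule matches, neither of which the page states.

```python
import ipaddress
from itertools import combinations

# Constructed sample rules: (access address, read/write, user permission, priority)
RULES = [
    ("10.10.1.0/24",   "ro", "root_squash",    10),
    ("10.10.1.15",     "rw", "no_root_squash", 10),
    ("10.10.0.0/16",   "rw", "no_root_squash", 50),
    ("10.10.1.128/25", "rw", "no_root_squash", 10),
]

def net(addr):
    # "*" is the default access address and matches every IP
    return ipaddress.ip_network("0.0.0.0/0" if addr == "*" else addr, strict=False)

def is_single_ip(addr):
    return addr != "*" and "/" not in addr

def effective_rule(rules, client_ip):
    """Rule applied to client_ip, or None if no rule matches (assumption).
    Raises ValueError when the documented 'take effect randomly' case is hit."""
    ip = ipaddress.ip_address(client_ip)
    matches = [r for r in rules if ip in net(r[0])]
    if not matches:
        return None
    best = min(r[3] for r in matches)            # 1 is the highest priority
    top = [r for r in matches if r[3] == best]
    singles = [r for r in top if is_single_ip(r[0])]
    if singles:                                  # same priority: the single IP applies
        return singles[0]
    if len({r[1:3] for r in top}) > 1:           # overlapping CIDR blocks disagree
        raise ValueError(f"ambiguous permissions for {client_ip}: {top}")
    return top[0]

def audit(rules):
    """Findings for rule sets that are wider or less predictable than intended."""
    findings = []
    if not rules:
        findings.append("no rules: all IPs are allowed")
    for addr, _rw, _user, prio in rules:
        if addr == "*":
            findings.append("'*' rule: all IPs are allowed")
        if not 1 <= prio <= 100:
            findings.append(f"{addr}: priority {prio} outside 1-100")
    cidrs = [r for r in rules if not is_single_ip(r[0])]
    for a, b in combinations(cidrs, 2):
        if a[3] == b[3] and a[1:3] != b[1:3] and net(a[0]).overlaps(net(b[0])):
            findings.append(f"{a[0]} and {b[0]}: overlap at priority {a[3]} with different permissions")
    return findings
```

With the sample rules, 10.10.1.15 resolves to its own read/write rule, 10.10.1.20 to the read-only /24 rule, and 10.10.1.200 is reported as ambiguous because it falls in both priority-10 CIDR blocks.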


Step 3. Configure a permission group for a file system

The configuration of a permission group can be modified after the file system is created. You can choose to create a permission group first and select it when creating a file system. You can also select the default permission group when creating a file system and then go to the file system details page to change the permission group.
Note:
If the file system is mounted with the NFS v4 protocol, the modification to the permission group rules of the file system will take effect in 2 minutes.

Step 4. Modify the information and rules of a permission group

You can enter the permission group details page to modify the name, remarks, and rules of a permission group.
Note:
Permission group rules take effect asynchronously. Therefore, avoid adding individual IPs frequently.
We recommend you add a CIDR block or batch import IPs using a template.

