Jim, The safest construct is to not have your storage network accessible to the outside world (i.e. public and guest network) not having the x bit on is not an option, the dir structures must be navigable from hypervisors and management server, for at least the users root and cloud. I'm not sure if they should be more open than that.
regards, On Thu, Jun 10, 2021 at 8:33 AM James Steele <jsteele.em...@gmail.com> wrote: > Hi all, > > when adding separate NFS storage (based on a ZFS pool) as > primary/secondary what is the minimum/safest file & folder permission you > can get away with, when used in conjunction with: chown -R root:root /tank? > > chmod -R -f 755 /tank, or more restrictive chmod -R -f 644 /tank? > > This is helpful as an overview: > > http://docs.cloudstack.apache.org/en/latest/installguide/management-server/#prepare-nfs-shares > .. but it doesn't mention recommended chmod values. > > TIA, Jim > -- Daan
