Remote File System Volumes

The service restricts the paths that can be shared as RFS (Remote File System) volumes using the [remote_file_system] section of the config file or using the rserverperm --accessfiles command-line configuration.

By default, the following paths are permitted:

  • Any path that was created by the rfs-setup utility and associated with RFS volumes to prepare an RFS for an nShield HSM or for use with the rfs-sync utility.

  • Subdirectories of permitted paths.

If you want to add custom paths not included in this list as RFS volumes, you must add them to the list of permitted paths before starting the service. If you make these changes after starting the service, you need to restart it for the changes to take effect.

You can update the list of permitted paths by either setting the NFSERV_RFS_ALLOWED_PATHS environment variable (see Allow custom RFS paths with an environment variable) or by creating an additional config.secure configuration file (see Allow custom RFS paths with a configuration file.)

Allow custom RFS paths with an environment variable

Allow custom RFS paths with a configuration file

  1. Create the config.secure in the

  2. Add the paths as values in an rfs_allowed_paths JSON array. The JSON must be valid.

    For example, to share path1 and path 2 (spaces are permitted):