We export six Qtrees under a volume on a FAS2240-4 with access restrictions based upon subnet range.
It was noted during a penetration test that one can mount, without any restrictions the "/" share from a controller even though it is not listed in /etc/exports or via "showmount -e" on a client.
One can then go down the tree to /etc and read/write without any authorization.
Can we restrict this, why is it being exported even though it is not listed.