I believe you can't do that, and to modify the perms using the file-directory commands you'll need to create an ntfs-sd, add the right ACEs you want (and you can't just tell the ntfs-sd to populate itself based on an existing files ACL) then create a policy and policy tasks to apply the SD to a path.
If you want to modify only one ACE, you still need to set up the ntfs-sd to have all the ACEs in it as running the policy will blow away the existing DACL and replace with what the ntfs-sd has, not just modify the individual ACE you mentioned.
Cheers
Graham
On Sat., 23 Oct. 2021, 10:07 pm Carl Howell, chowell@uwf.edu wrote:
I have a test volume with a CIFS share and default permissions. If I want to modify the NTFS permissions using either vserver security file-directory ntfs modify...or something like Ansible, how do I find the security descriptor to modify(ntfs-sd):
vserver security file-directory show -vserver svm1 -path /test4 -instance
Vserver: svm1 File Path: /test4 File Inode Number: 64 Security Style: ntfs Effective Style: ntfs DOS Attributes: 10DOS Attributes in Text: ----D--- Expanded Dos Attributes: - UNIX User Id: 0 UNIX Group Id: 0 UNIX Mode Bits: 777 UNIX Mode Bits in Text: rwxrwxrwx ACLs: NTFS Security Descriptor Control:0x8004 Owner:BUILTIN\Administrators Group:BUILTIN\Administrators DACL - ACEs ALLOW-Everyone-0x1f01ff ALLOW-Everyone-0x10000000-OI|CI|IO
Feel like I'm missing something obvious here. . .
Thanks,
--Carl _______________________________________________ Toasters mailing list Toasters@teaparty.net https://www.teaparty.net/mailman/listinfo/toasters