I believe you can't do that, and to modify the perms using the file-directory commands you'll need to create an ntfs-sd, add the right ACEs you want (and you can't just tell the ntfs-sd to populate itself based on an existing files ACL) then create a policy and policy tasks to apply the SD to a path.

If you want to modify only one ACE, you still need to set up the ntfs-sd to have all the ACEs in it as running the policy will blow away the existing DACL and replace with what the ntfs-sd has, not just modify the individual ACE you mentioned. 

Cheers

Graham


On Sat., 23 Oct. 2021, 10:07 pm Carl Howell, <chowell@uwf.edu> wrote:
I have a test volume with a CIFS share and default permissions. If I want to modify the NTFS permissions using either vserver security file-directory ntfs modify...or something like Ansible, how do I find the security descriptor to modify(ntfs-sd):

vserver security file-directory show -vserver svm1 -path /test4 -instance

                Vserver: svm1
              File Path: /test4
      File Inode Number: 64
         Security Style: ntfs
        Effective Style: ntfs
         DOS Attributes: 10
 DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
           UNIX User Id: 0
          UNIX Group Id: 0
         UNIX Mode Bits: 777
 UNIX Mode Bits in Text: rwxrwxrwx
                   ACLs: NTFS Security Descriptor
                         Control:0x8004
                         Owner:BUILTIN\Administrators
                         Group:BUILTIN\Administrators
                         DACL - ACEs
                           ALLOW-Everyone-0x1f01ff
                           ALLOW-Everyone-0x10000000-OI|CI|IO

Feel like I'm missing something obvious here. . .

Thanks,

--Carl
_______________________________________________
Toasters mailing list
Toasters@teaparty.net
https://www.teaparty.net/mailman/listinfo/toasters