Carl,
What is your use case, what are you trying to achieve? Is it a big once-off permissions change you want to implement or an ongoing requirement to be regularly changing permissions back to some standard? The ONTAP Ansible modules seem to have everything you'd need, i.e. create the SD, add the DACLs, create policy and tasks. I'm not sure what a Windows/NTFS-centric Ansible collection would offer (assuming it exists), but I expect executing file permission changes directly on the filer would be faster than via a CIFS client, so there's that benefit.
One thing I guess is that any "idempotence" of using ONTAP Ansible modules for something like this is a bit of an illusion, because it's the ONTAP config of 'ntfs-sd's, DACLs and policy tasks that you're actually keeping consistent, not directly the permissions themselves. Looking at the Ansible module for file-directory policy, it would execute the policy if a change was made to it, like a new task is added, but not if you just need it to run because you know the actual NTFS permissions need a tune-up. It's using that ONTAP policy configuration to manage idempotence, which is the right thing to do, but isn't really what you would be expecting in practice.
Cheers
Graham
Thanks Graham!
So, if you're trying to set NTFS ACLs via Ansible, is there a benefit to doing it through the ONTAP Ansible Collection > ONTAP Policy > ntfs-sd, or would it be simpler, and perhaps more portable, to do it via an Ansible/Windows/NTFS Collection (if such a thing exists)?
Thanks
--Carl
Carl,
First I would see if you have created any security descriptors yet:
vserver security file-directory ntfs show
If not, then create one:
vserver security file-directory ntfs create
And then you can modify it.
Here is a link that might be helpful as well:
Thank you,
Tim
I have a test volume with a CIFS share and default permissions. If I want to modify the NTFS permissions using either vserver security file-directory ntfs modify... or something like Ansible, how do I find the security descriptor to modify (ntfs-sd):
vserver security file-directory show -vserver svm1 -path /test4 -instance
Vserver: svm1
File Path: /test4
File Inode Number: 64
Security Style: ntfs
Effective Style: ntfs
DOS Attributes: 10
DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
UNIX User Id: 0
UNIX Group Id: 0
UNIX Mode Bits: 777
UNIX Mode Bits in Text: rwxrwxrwx
ACLs: NTFS Security Descriptor
Control:0x8004
Owner:BUILTIN\Administrators
Group:BUILTIN\Administrators
DACL - ACEs
ALLOW-Everyone-0x1f01ff
ALLOW-Everyone-0x10000000-OI|CI|IO
Feel like I'm missing something obvious here. . .
Thanks,
--Carl
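The DACL in the output above can be read mechanically. The following Python is an added example, not part of the original thread or any NetApp tooling: it parses the ACE lines of `vserver security file-directory show` output and flags ALLOW entries that give a broad trustee full control or control of the ACL. The sample text is constructed from the output in the post; the function names and the list of "broad" trustees are assumptions.

```python
import re

# Constructed sample: the DACL portion of the output quoted in the post above.
SAMPLE = """\
    DACL - ACEs
      ALLOW-Everyone-0x1f01ff
      ALLOW-Everyone-0x10000000-OI|CI|IO
"""
FILE_ALL_ACCESS = 0x1F01FF  # Windows "Full Control" on a file or directory
GENERIC_ALL = 0x10000000    # generic right that maps to full control
SENSITIVE = {0x40000: "WRITE_DAC", 0x80000: "WRITE_OWNER", 0x10000: "DELETE"}
# Assumption: which trustees count as "broad" is a local policy choice.
BROAD = {"everyone", "authenticated users", "builtin\\users"}
# TYPE-trustee-mask[-flags]; the trustee may itself contain hyphens (SIDs).
# Assumption: a trailing parenthesised note such as "(Inherited)" is tolerated.
ACE_RE = re.compile(
    r"^\s*(ALLOW|DENY)-(.+?)-(0x[0-9a-fA-F]+)(?:-([A-Z|]+))?(?:\s*\(\w+\))?\s*$")

def parse_aces(text):
    """Return (type, trustee, mask, flags) for every ACE line in the output."""
    aces = []
    for line in text.splitlines():
        m = ACE_RE.match(line)
        if m:
            kind, trustee, mask, flags = m.groups()
            aces.append((kind, trustee, int(mask, 16),
                         set(flags.split("|")) if flags else set()))
    return aces

def rights(mask):
    """Name the security-relevant rights an access mask grants."""
    if mask & GENERIC_ALL or (mask & FILE_ALL_ACCESS) == FILE_ALL_ACCESS:
        return ["FULL_CONTROL"]
    return [name for bit, name in SENSITIVE.items() if mask & bit]

def findings(text):
    """Flag ALLOW ACEs giving a broad trustee control of the object or its ACL."""
    out = []
    for kind, trustee, mask, flags in parse_aces(text):
        granted = rights(mask)
        if kind != "ALLOW" or trustee.lower() not in BROAD or not granted:
            continue
        # IO (inherit-only) ACEs apply to children, not to the object itself.
        scope = ("children only" if "IO" in flags else
                 "this object and children" if flags & {"OI", "CI"} else
                 "this object")
        out.append((trustee, granted, scope))
    return out
```

Calling `findings()` on the sample reports both Everyone entries: one applying to /test4 itself and one inherit-only entry that applies to everything created beneath it.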
_______________________________________________
Toasters mailing list
Toasters@teaparty.net
https://www.teaparty.net/mailman/listinfo/toasters