Well, these two directories have effectively empty DACL (Discretionary Access Control List) - the only ACE (Access Control Entry) is for inheritance only (flag IO) and does not apply to object itself. If DACL exists but is empty, all access from any account is denied.
Your administrator should be able to take ownership of this folder and then set permissions. If it does not work, you would need to assign appropriate permissions at least to your administrator (administrator need at least change access rights permission to be able to continue).
-----Original Message----- From: toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net] On Behalf Of John Stoffel Sent: Thursday, July 02, 2015 8:01 PM To: toasters@teaparty.net Subject: Fixing NTFS permissions in cDOT 8.3 CIFS share
Guys,
I've got a strange problem with a CIFS share on a cDOT 8.3 system. It's a small 2250 with some NFS storage for ESX and one volume with a single CIFS share.
The local admin to making changes to permissions and managed to lock himself out completely. The top level share name is /MIS, and we can get into sub-folders (luckily!) but can't actually map the top level any more.
I've opened a ticket, and I'm reading the man pages at:
https://library.netapp.com/ecmdocs/ECMP1196891/html/GUID-3D32772D-B4E8-4497-...
but I'm hesitant to make changes. So here's some example info:
ntap_019::*> vserver security file-directory show -vserver filestorage -path /MIS
Vserver: filestorage File Path: /MIS Security Style: ntfs Effective Style: ntfs DOS Attributes: 10 DOS Attributes in Text: ----D--- Expanded Dos Attributes: - Unix User Id: 0 Unix Group Id: 0 Unix Mode Bits: 0 Unix Mode Bits in Text: --------- ACLs: NTFS Security Descriptor Control:0x9504 Owner:BUILTIN\Administrators Group:BUILTIN\Administrators DACL - ACEs ALLOW-FOO\MIT Admins-0x1f01ff-OI|IO
ntap_019::*> vserver security file-directory show -vserver filestorage -path /MIS/UserDrives
Vserver: filestorage File Path: /MIS/UserDrives Security Style: ntfs Effective Style: ntfs DOS Attributes: 10 DOS Attributes in Text: ----D--- Expanded Dos Attributes: - Unix User Id: 65534 Unix Group Id: 65534 Unix Mode Bits: 0 Unix Mode Bits in Text: --------- ACLs: NTFS Security Descriptor Control:0x8504 Owner:FOO\someone Group:FOO\Domain Users DACL - ACEs ALLOW-FOO\MIT Admins-0x1f01ff-OI|IO (Inherited)
And since I'm a Linux/Netapp admin with limited understand of NTFS or Windows, I'm wondering what I can do to fix the permissions, or at least be able to open things up so that we can go in and fix it properly.
I have tried setting up a 'vserver security trace filter create ...' but it never seemed to give me any results back. Is there any simple way I can just change the top level permissions to make them WIDE open, so they can be modified again?
I even tried creating a new share, thinking that it was a share level issue, but it looks more like it's an NTFS permissions issue, which is why I'm stuck.
Thanks, John _______________________________________________ Toasters mailing list Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters