Carl,

First I would see if you have created any security descriptors yet:
vserver security file-directory ntfs show 

If not, then create one:
vserver security file-directory ntfs create

And then you can modify it.

Here is a link that might be helpful as well:
https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.dot-cm-cmpr-900%2Fvserver__security__file-directory__ntfs__modify.html

Thank you,
Tim

From: Toasters <toasters-bounces@teaparty.net> on behalf of Carl Howell <chowell@uwf.edu>
Sent: Saturday, October 23, 2021 7:03 AM
To: Toasters <toasters@teaparty.net>
Subject: Security Descriptor noob question
 
I have a test volume with a CIFS share and default permissions. If I want to modify the NTFS permissions using either vserver security file-directory ntfs modify...or something like Ansible, how do I find the security descriptor to modify(ntfs-sd):

vserver security file-directory show -vserver svm1 -path /test4 -instance

                Vserver: svm1
              File Path: /test4
      File Inode Number: 64
         Security Style: ntfs
        Effective Style: ntfs
         DOS Attributes: 10
 DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
           UNIX User Id: 0
          UNIX Group Id: 0
         UNIX Mode Bits: 777
 UNIX Mode Bits in Text: rwxrwxrwx
                   ACLs: NTFS Security Descriptor
                         Control:0x8004
                         Owner:BUILTIN\Administrators
                         Group:BUILTIN\Administrators
                         DACL - ACEs
                           ALLOW-Everyone-0x1f01ff
                           ALLOW-Everyone-0x10000000-OI|CI|IO

Feel like I'm missing something obvious here. . .

Thanks,

--Carl