Thanks Graham!
So, if you're trying to set NTFS ACL's via Ansible, is there a benefit to doing it through the ONTAP Ansible Collection > ONTAP Policy > ntfs-sd, or would it be simpler, and perhaps more portable, to do it via an Ansible/WIndows/NTFS Collection(if such a thing exists)?
Thanks
--Carl
On Sat, Oct 23, 2021 at 9:42 AM Timothy Naple tnaple@berkcom.com wrote:
Carl,
First I would see if you have created any security descriptors yet: vserver security file-directory ntfs show
If not, then create one: vserver security file-directory ntfs create
And then you can modify it.
Here is a link that might be helpful as well:
https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.dot-cm-cmp...
Thank you, Tim
*From:* Toasters toasters-bounces@teaparty.net on behalf of Carl Howell chowell@uwf.edu *Sent:* Saturday, October 23, 2021 7:03 AM *To:* Toasters toasters@teaparty.net *Subject:* Security Descriptor noob question
I have a test volume with a CIFS share and default permissions. If I want to modify the NTFS permissions using either vserver security file-directory ntfs modify...or something like Ansible, how do I find the security descriptor to modify(ntfs-sd):
vserver security file-directory show -vserver svm1 -path /test4 -instance
Vserver: svm1 File Path: /test4 File Inode Number: 64 Security Style: ntfs Effective Style: ntfs DOS Attributes: 10DOS Attributes in Text: ----D--- Expanded Dos Attributes: - UNIX User Id: 0 UNIX Group Id: 0 UNIX Mode Bits: 777 UNIX Mode Bits in Text: rwxrwxrwx ACLs: NTFS Security Descriptor Control:0x8004 Owner:BUILTIN\Administrators Group:BUILTIN\Administrators DACL - ACEs ALLOW-Everyone-0x1f01ff ALLOW-Everyone-0x10000000-OI|CI|IO
Feel like I'm missing something obvious here. . .
Thanks,
--Carl