I've been searching this listserv as well as NOW.NETAPP resources to detemine if there was any easy way to preclude certain file types (e.g., .mp3) from being written to given volumes. It seems the answer was not natively, but it could be done through a business partner product which would be set up as a screening server, much like the AV virus scanning server.
I'm thinking maybe it can be done natively by just not implementing the screening servers. My thoughts follow. Comments would be appreciated.
display current setup: fpolicy
create empy screening profile called restrict_filetypes fpolicy create restrict_filetypes screen
limit this profile to volume fre (for my testing) fpolicy vol inc add restrict_filetypes fre
limit this profile to filetype xxx (for my testing) fpolicy ext inc add restrict_filetypes xxx
limit this profile to activities of create and rename (allow delete) fpolicy monitor add restrict_filetypes -p cifs -f create,rename
in absence of screening server, required will deny the access rather than default of permit it fpolicy options restrict_filetypes required on
display the profile fpolicy show restrict_filetypes
enable the profile, -f forces it because there are no screening servers fpolicy enable restrict_filetypes -f
undo it all fpolicy disenable restrict_filetypes fpolicy destroy restrict_filetypes
Hi Jack,
below should work. As long as you can ignore some warnings about fpolicy enable also no fpolicy servers are connected.
Regards,
Andy
From: jack.revette@dowcorning.com [mailto:jack.revette@dowcorning.com] Sent: Dienstag, 1. April 2008 18:17 To: toasters@mathworks.com Subject: Restricting given file types from being written to CIFS volumes
I've been searching this listserv as well as NOW.NETAPP resources to detemine if there was any easy way to preclude certain file types (e.g., .mp3) from being written to given volumes. It seems the answer was not natively, but it could be done through a business partner product which would be set up as a screening server, much like the AV virus scanning server.
I'm thinking maybe it can be done natively by just not implementing the screening servers. My thoughts follow. Comments would be appreciated.
display current setup: fpolicy
create empy screening profile called restrict_filetypes fpolicy create restrict_filetypes screen
limit this profile to volume fre (for my testing) fpolicy vol inc add restrict_filetypes fre
limit this profile to filetype xxx (for my testing) fpolicy ext inc add restrict_filetypes xxx
limit this profile to activities of create and rename (allow delete) fpolicy monitor add restrict_filetypes -p cifs -f create,rename
in absence of screening server, required will deny the access rather than default of permit it fpolicy options restrict_filetypes required on
display the profile fpolicy show restrict_filetypes
enable the profile, -f forces it because there are no screening servers fpolicy enable restrict_filetypes -f
undo it all fpolicy disenable restrict_filetypes fpolicy destroy restrict_filetypes
Look at fpolicy... it works natively. I've set it up on our users' home volume to keep them from storing executables, mp3, and the likes
________________________________
From: owner-toasters@mathworks.com on behalf of jack.revette@dowcorning.com Sent: Tue 4/1/2008 12:16 PM To: toasters@mathworks.com Subject: Restricting given file types from being written to CIFS volumes
I've been searching this listserv as well as NOW.NETAPP resources to detemine if there was any easy way to preclude certain file types (e.g., .mp3) from being written to given volumes. It seems the answer was not natively, but it could be done through a business partner product which would be set up as a screening server, much like the AV virus scanning server.
I'm thinking maybe it can be done natively by just not implementing the screening servers. My thoughts follow. Comments would be appreciated.
display current setup: fpolicy
create empy screening profile called restrict_filetypes fpolicy create restrict_filetypes screen
limit this profile to volume fre (for my testing) fpolicy vol inc add restrict_filetypes fre
limit this profile to filetype xxx (for my testing) fpolicy ext inc add restrict_filetypes xxx
limit this profile to activities of create and rename (allow delete) fpolicy monitor add restrict_filetypes -p cifs -f create,rename
in absence of screening server, required will deny the access rather than default of permit it fpolicy options restrict_filetypes required on
display the profile fpolicy show restrict_filetypes
enable the profile, -f forces it because there are no screening servers fpolicy enable restrict_filetypes -f
undo it all fpolicy disenable restrict_filetypes fpolicy destroy restrict_filetypes
-
Holland, William L -
jack.revette@dowcorning.com -
Kiendl, Andreas