
How to seize power without ownership authority

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

Environment

Product model: FAS2650

Operating system: ONTAP 9.3P12 (cluster mode)

Purpose

After a 7MTT migration to a cDOT system, the CIFS shares display only the default UNIX permissions. In this environment, the old domain was switched to a new one because of a customer acquisition. The foreign IT team is unwilling to provide a Domain Admins account, so the only option is to change the ACL permission policy at the storage layer.

vserver security file-directory show -vserver vservername -path path

Use this command to check whether the ACLs are consistent with the currently assigned permissions:

FAS2650::> vserver security file-directory show -vserver CN-FILER3 -path /data/Manufacturing.cn

Vserver: CN-FILER3
File Path: path
File Inode Number: 891912
Security Style: ntfs
Effective Style: ntfs
DOS Attributes: 10
DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
UNIX User Id: 0
UNIX Group Id: 1
UNIX Mode Bits: 777
UNIX Mode Bits in Text: rwxrwxrwx
ACLs: NTFS Security Descriptor
      Control:0x8504
      Owner:BUILTIN\Administrators
      Group:cotoso\Domain Users
      DACL - ACEs
        ALLOW-cotoso\Domain CN Manufacture Access-0x1200a9
        ALLOW-cotoso\Domain CN Manufacture Full Control-0x1301bf-OI|CI
        ALLOW-cotoso\Domain CN Manufacture Read Only-0x1200a9-OI|CI
        ALLOW-cotoso\Domain IT Office Direction-0x1301bf-OI|CI
        ALLOW-cotoso\Domain Admins-0x1f01ff-OI|CI (Inherited)
        ALLOW-NT AUTHORITY\SYSTEM-0x1f01ff-OI|CI (Inherited)

Only the entries highlighted in red are authorized to access the path.

Verify that the logged-in Windows account belongs to one of the groups mentioned above by following these steps:
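To compare the ACEs in output like the above with what each group is supposed to hold, the hexadecimal access masks can be decoded offline. The following Python is an added example, not part of the original article or of NetApp's tooling; the name parse_aces and the right labels are assumptions, and SAMPLE is the DACL from the output above with spacing normalized.

```python
import re

# Windows access-mask bits (winnt.h) that appear in NTFS ACEs.
BITS = {
    0x000001: "read-data", 0x000002: "write-data", 0x000004: "append-data",
    0x000008: "read-ea", 0x000010: "write-ea", 0x000020: "execute",
    0x000040: "delete-child", 0x000080: "read-attr", 0x000100: "write-attr",
    0x010000: "delete", 0x020000: "read-perm", 0x040000: "write-perm",
    0x080000: "write-owner", 0x100000: "synchronize",
}
# Composite masks seen in the output above.
NAMED = {0x1F01FF: "full-control", 0x1301BF: "modify", 0x1200A9: "read-and-execute"}
CHANGE_ACL = 0x040000 | 0x080000  # WRITE_DAC | WRITE_OWNER

# TYPE-account-0xMASK[-FLAGS] [(Inherited)]; the account may itself contain '-'.
ACE_RE = re.compile(
    r"^(ALLOW|DENY)-(.+)-(0x[0-9a-fA-F]+)(?:-([A-Z|]+))?\s*(\(Inherited\))?$")

def parse_aces(output):
    """Return one dict per ACE line in 'file-directory show' output."""
    aces = []
    for line in output.splitlines():
        m = ACE_RE.match(line.strip())
        if not m:
            continue  # owner/group/header lines are skipped
        kind, account, mask, flags, inherited = m.groups()
        mask = int(mask, 16)
        rights = NAMED.get(mask) or "+".join(n for b, n in BITS.items() if mask & b)
        aces.append({
            "type": kind, "account": account, "mask": mask, "rights": rights,
            "flags": flags.split("|") if flags else [],
            "inherited": inherited is not None,
            # These principals can rewrite the DACL or take ownership.
            "can_change_acl": kind == "ALLOW" and bool(mask & CHANGE_ACL),
        })
    return aces

SAMPLE = r"""
Owner:BUILTIN\Administrators
Group:cotoso\Domain Users
ALLOW-cotoso\Domain CN Manufacture Access-0x1200a9
ALLOW-cotoso\Domain CN Manufacture Full Control-0x1301bf-OI|CI
ALLOW-cotoso\Domain CN Manufacture Read Only-0x1200a9-OI|CI
ALLOW-cotoso\Domain IT Office Direction-0x1301bf-OI|CI
ALLOW-cotoso\Domain Admins-0x1f01ff-OI|CI (Inherited)
ALLOW-NT AUTHORITY\SYSTEM-0x1f01ff-OI|CI (Inherited)
"""

if __name__ == "__main__":
    for ace in parse_aces(SAMPLE):
        print(ace["account"], ace["rights"], ace["flags"], ace["can_change_acl"])
```

On the sample, only the two inherited full-control entries carry the bits that allow changing permissions or ownership; the group named "Full Control" actually holds the modify mask.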

Windows command:

whoami

Filer command:

set diag

diag secd authentication show-creds -node FAS2650-01 -vserver vservername -win-name

Create an SVM security file-directory policy:

vserver security file-directory policy create -vserver CN-FILER3 -policy-name fixACL

Create a security descriptor for the security file directory:

vserver security file-directory ntfs create -ntfs-sd sdACL -vserver CN-FILER3 -owner administrator

Create the DACL to be applied:

vserver security file-directory ntfs dacl add -vserver CN-FILER3 -ntfs-sd sdACL -access-type allow -account domainuser -apply-to sub-folders

Apply the policy to each path:

vserver security file-directory policy task add -vserver CN-FILER3 -policy fixACL -path path -ntfs-sd sdACL

Run the policy apply task:

vserver security file-directory apply -vserver CN-FILER3 -policy-name fixACL

After applying the policy, you can run job show, or job show -id, to check the progress.

7703 Fsecurity Apply FAS2650 FAS2650-01 Success

Description: File Directory Security Apply Job

Reference https://kb.netapp.com/app/answers/answer_view/a_id/1051747
