Shulou(Shulou.com)06/03 Report--

Recently, a customer encountered a problem. In the past, there was a folder in NETAPP CIFS that only one user had permission to access, and other users, including administrators, did not have permission to access it. Now, when this user leaves office, the account has been deleted in AD. At this time, the administrator needs to modify the permissions of this folder and how to do it.

Here, NETAPP officially provides a tool called secedit, which can be used in conjunction with the command line to force the permission of a specified folder to be modified as follows:

1. SSH to the command line interface of the NETAPP controller, enter the command:

Fsecurity show / vol/volname

Something similar will be returned:

Netapp-1 > fsecurity show / vol/test

[/ vol/test-Directory (inum 64)]

Security style: NTFS

Effective style: NTFS

DOS attributes: 0x0030 (- AD---)

Unix security:

Uid: 0 (root)

Gid: 0

Mode: 0777 (rwxrwxrwx)

NTFS security descriptor:

Owner: BUILTIN\ Administrators

Group: BUILTIN\ Administrators

DACL:

Allow-DEMO\ nasuser1-0x001f01ff (Full Control)-OI | CI

two。 Open the secedit tool

3. Click ADD and enter the path of the folder where you want to modify permissions in the pop-up screen

4. Click OK, and then add the users / groups and permissions you want

5. Just click OK and confirm.

6. Go back to the main interface and click 'save unicode',' and then generate a untitled file in the same directory as the tool, rename the file to security.conf, put the file in the\\ name\ etc$ directory, and rename the file if you already have it, such as security_test.conf.

7. Enter the following command on the command line, where-C is checked and not formally executed:

Netapp-1 > fsecurity apply / etc/security_test.conf-c

Definition validated successfully.

8. Then remove the-C and formally execute the command to run:

Netapp-1 > fsecurity apply / etc/security_test.conf

Added security job 1015.

9. Then run the original command to view permissions:

Netapp-1 > fsecurity show / vol/test

[/ vol/test-Directory (inum 64)]

Security style: NTFS

Effective style: NTFS

DOS attributes: 0x0030 (- AD---)

Unix security:

Uid: 0 (root)

Gid: 0

Mode: 0777 (rwxrwxrwx)

NTFS security descriptor:

Owner: BUILTIN\ Administrators

Group: BUILTIN\ Administrators

DACL:

Allow-Everyone-0x001f01ff (Full Control)

Allow-Everyone-0x10000000-OI | CI | IO

If you go to windows, you can see that the permission has been changed to everyone.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.