How to interpret security trace results

Security trace results provide the reason that a request was allowed or denied. Output displays the result as a combination of the reason for allowing or denying access and the location within the access checking pathway where access is either allowed or denied. You can use the results to isolate and identify why actions are or are not allowed.

Finding information about the lists of result types and filter details

You can find the lists of result types and filter details that can be included in the security trace results in the man pages for the vserver security trace trace-result show command.

Example of output from the Reason field in an Allow result type

The following is an example of the output from the Reason field that appears in the trace results log in an Allow result type:

Access is allowed because SMB implicit permission grants requested 
access while opening existing file or directory.
Access is allowed because NFS implicit permission grants requested 
access while opening existing file or directory.

Example of output from the Reason field in an Allow result type

The following is an example of the output from the Reason field that appears in the trace results log in a Deny result type:

Access is denied. The requested permissions are not granted by the 
ACE while checking for child-delete access on the parent.

Example of output from the Filter details field

The following is an example of the output from the Filter details field in the trace results log, which list the effective security style of the file system containing files and folders that match the filter criteria:

Security Style: MIXED and ACL