vserver security file-directory show

Display file/folder security information

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

The vserver file-directory show command displays file/folder security information. The command output depends on the parameter or parameters specified with the command.

The -vserver and -path parameters are required for this command. If you do not specify any of the optional parameters, the command displays all security information in list format for the specified path.

You can specify the -fields parameter to specify which fields of information to display about files and folders security.

You can specify the -instance parameter to display all the security information in list format.

Parameters

{ [-fields <fieldname>, ...]
If you specify the -fields <fieldname>, ... parameter, the command only displays the fields that you specify.
| [-instance ]}
If you specify the -instance parameter, the command displays detailed information about all entries.
-vserver <vserver> - Vserver
Use this required parameter to specify the Vserver that contains the path to the file or folder specified with the required -path parameter.
{ [-path <text>] - File Path
Use this field to specify the path of the file or folder for which you want to display security information. If the volume name is not specified in the path, the path is relative to the Vserver root volume. If the path's last subcomponent has a wildcard ("*"), the output will display information for all files and directories below the parent path.
Note: If you want to display information of a file or directory which contains wildcard ("*") as its last sub-component, then provide the complete path inside "<path>".

For instance, vserver security file-directory show -vserver vs1 -path "/vol1/*" will show ACL information for the directory named "*", only.

| [-inode <integer>]} - File Inode Number
Use this field to specify the inode number of the file or folder for which you want to display security information. If the volume name is not specified, inode is searched in the Vserver root volume.
{ [-volume-name <volume name>] - Volume Name
If you specify this parameter, the command displays information about file and directory security only for files and directories where the specified path is relative to the specified volume. If this parameter is not specified, the Vserver root volume is taken as default.
| [-share-name <Share>]} - Share Name
If you specify this parameter, the command displays information about file and directory security only for files and directories contained where the specified path is relative to the root of the specified share. If this parameter is not specified, the Vserver root volume is taken as default.
[-lookup-names {true|false}] - SID to Name Lookups
If you specify this parameter, the command displays information about file and directory security for files and directories where the information about owner and group are stored as names. If set to false, the command displays information about file and directory security for files and directories where the information for owner and group are stored as SIDs.
[-expand-mask {true|false}] - Expand Bit Masks
If you specify this parameter, the command displays information about file and directory security for files and directories where the hexadecimal bit mask entries are in expanded bit form. If set to false, the command displays information about file and directly security for files and directories where the hexadecimal bit mask entries are in collapsed form.
[-sddl {true|false}] - Display ACLs in SDDL Format
If you specify this parameter, the command displays the ACL information for files and directories in Security Descriptor Definition Language (SDDL) format. If the file has effective-style as "unix" then this flag has no effect.
[-security-style <security style>] - Security Style
If you specify this parameter, the command displays information about file and directory security only for files and directories with paths in volumes of the specified security style.
[-effective-style <security style>] - Effective Style
If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified effective security style on the path.
[-dos-attributes <Hex Integer>] - DOS Attributes
If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified DOS attributes.
[-text-dos-attr <TextNoCase>] - DOS Attributes in Text
If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified text DOS attributes.
[-expanded-dos-attr <TextNoCase>] - Expanded Dos Attributes
If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified extended DOS attributes. This parameter is useful only for files or directories where the –expand-mask is set to true.
[-user-id <user name>] - UNIX User Id
If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified UNIX user ID.
[-group-id <group name>] - UNIX Group Id
If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified UNIX group ID.
[-mode-bits <Octal Permission>] - UNIX Mode Bits
If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified UNIX mode bits in Octal form.
[-text-mode-bits <text>] - UNIX Mode Bits in Text
If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified UNIX mode bits in text form.
[-acls <Security acl>, ...] - ACLs
If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified ACLs. If the specified path is a volume or qtree path and Storage-Level Access Guard (SLAG) is configured on the volume or qtree, this parameter displays the SLAG information. It also displays the Dynamic Access Control (DAC) policies if DAC is configured for the given file or directory path. The following ACL information can be entered:
  • Type of ACL - NTFS or NFSV4
  • Control bits in the security descriptors
  • Owner - only in case of NTFS security descriptors
  • Group - only in case of NTFS security descriptors
  • Access Control Entries - discretionary access control list (DACL) and system access control list (SACL) access control entries (ACEs) in the ACL

Examples

The following example displays the security information about the path "/vol4" in Vserver vs1.

            cluster1::> vserver security file-directory show -vserver vs1 -path /vol4
              (vserver security file-directory show)

                            Vserver: vs1
                          File Path: /vol4
                  File Inode Number: 64
                     Security Style: ntfs
                    Effective Style: ntfs
                     DOS Attributes: 10
             DOS Attributes in Text: ----D---
            Expanded Dos Attributes: -
                       Unix User Id: 0
                      Unix Group Id: 0
                     Unix Mode Bits: 777
             Unix Mode Bits in Text: rwxrwxrwx
                               ACLs: NTFS Security Descriptor
                                     Control:0x8004
                                     Owner:BUILTIN\Administrators
                                     Group:BUILTIN\Administrators
                                     DACL - ACEs
                                     ALLOW-Everyone-0x1f01ff
                                     ALLOW-Everyone-0x10000000-OI|CI|IO
        

The following example displays the security information about the path "/a/b/file.txt" in Vserver vs1.

                cluster1::> vserver security file-directory show -vserver vs1 -path /a/b/file.txt -volume-name vol1
                  (vserver security file-directory show)

                                  Vserver: vs1
                                File Path: /vol1/a/b/file.txt
                        File Inode Number: 101
                           Security Style: ntfs
                          Effective Style: ntfs
                           DOS Attributes: 10
                   DOS Attributes in Text: ----D---
                  Expanded Dos Attributes: -
                             Unix User Id: 0
                            Unix Group Id: 0
                           Unix Mode Bits: 777
                   Unix Mode Bits in Text: rwxrwxrwx
                                     ACLs: NTFS Security Descriptor
                                           Control:0x8004
                                           Owner:BUILTIN\Administrators
                                           Group:BUILTIN\Administrators
                                    DACL - ACEs
                                    ALLOW-Everyone-0x1f01ff
                                    ALLOW-Everyone-0x10000000-OI|CI|IO
        

The following example displays the security information of the volume path "/vol1" containing SLAG.

                cluster1::> vserver security file-directory show -vserver vs1 -path /vol1
                           Vserver: vs1
                         File Path: /vol1
                 File Inode Number: 64
                    Security Style: mixed
                   Effective Style: ntfs
                    DOS Attributes: 10
            DOS Attributes in Text: ----D---
            Expanded Dos Attribute: -
                      Unix User Id: 0
                     Unix Group Id: 1
                    Unix Mode Bits: 777
            Unix Mode Bits in Text: rwxrwxrwx
                              ACLs: NTFS Security Descriptor
                                    Control:0xbf14
                                    Owner:CIFS1\Administrator
                                    Group:CIFS1\Domain Admins
                                    SACL - ACEs
                                       ALL-Everyone-0xf01ff-OI|CI|SA|FA
                                       RESOURCE ATTRIBUTE-Everyone-0x0
                                         ("Department_MS",TS,0x10020,"Finance")
                                       POLICY ID-All resources - No Write-0x0-OI|CI
                                    DACL - ACEs
                                       ALLOW-CIFS1\Administrator-0x1f01ff-OI|CI
                                       ALLOW-Everyone-0x1f01ff-OI|CI
                                       ALLOW CALLBACK-DAC\skanyal-0x1200a9-OI|CI
                                         ((@User.department==@Resource.Department_MS&&@Resource.Impact_MS>1000)&&@Device.department==@Resource.Department_MS)

                                    Storage-Level Access Guard security
                                    SACL (Applies to Directories):
                                       AUDIT-R1\user1-0x001f01ff-FA
                                    DACL (Applies to Directories):
                                       ALLOW-R1\user1-0x001f01ff
                                       ALLOW-R1\user2-0x001200a9
                                    SACL (Applies to Files):
                                       AUDIT-R1\user1-0x001f01ff-FA
                                    DACL (Applies to Files):
                                       ALLOW-R1\user1-0x001f01ff
                                       ALLOW-R1\user2-0x001200a9
        

The following example displays the security information of the qtree path "/vol1/q1" containing SLAG.

                cluster1::> vserver security file-directory show -vserver vs1 -path /vol1/q1
                           Vserver: vs1
                         File Path: /vol1/q1
                 File Inode Number: 105
                    Security Style: mixed
                   Effective Style: ntfs
                    DOS Attributes: 10
            DOS Attributes in Text: ----D---
            Expanded Dos Attribute: -
                      Unix User Id: 0
                     Unix Group Id: 1
                    Unix Mode Bits: 777
            Unix Mode Bits in Text: rwxrwxrwx
                              ACLs: NTFS Security Descriptor
                                    Control:0xbf14
                                    Owner:CIFS1\Administrator
                                    Group:CIFS1\Domain Admins
                                    SACL - ACEs
                                       ALL-Everyone-0xf01ff-OI|CI|SA|FA
                                    DACL - ACEs
                                       ALLOW-CIFS1\Administrator-0x1f01ff-OI|CI
                                       ALLOW-Everyone-0x1f01ff-OI|CI

                                    Storage-Level Access Guard security
                                    SACL (Applies to Directories):
                                       AUDIT-R1\user1-0x001f01ff-FA
                                    DACL (Applies to Directories):
                                       ALLOW-R1\user1-0x001f01ff
                                       ALLOW-R1\user2-0x001200a9
                                    SACL (Applies to Files):
                                       AUDIT-R1\user1-0x001f01ff-FA
                                    DACL (Applies to Files):
                                       ALLOW-R1\user1-0x001f01ff
                                       ALLOW-R1\user2-0x001200a9