vserver security file-directory apply
Apply security descriptors on files and directories defined in a policy to a Vserver
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
The vserver security file-directory apply
command applies security settings to files and directories defined in a security policy of a Vserver.
Applying a security policy to a Vserver is the last step to creating and applying NTFS ACLs to files or folders. A security policy contains definitions for the security configuration of a file (or folder) or set of files (or, folders). The policy is a container for tasks. A task associates a file/folder path name to the security descriptor that needs to be set on the file/folder. Every task in a policy is uniquely identified by the file/folder path. A policy cannot have duplicate task entries. There can be only one task per path.
The steps to creating and applying NTFS ACLs are the following:
-
Create an NTFS security descriptor.
-
Add DACLs and SACLs to the NTFS security descriptor.
|
If you want to audit file and directory events, you must configure auditing on the Vserver in addition to adding the SACL to the security descriptor. |
-
Create a file/directory security policy.
This step associates the policy with a Vserver.
* Create policy tasks.
A policy task refers to a single operation to apply to a file (or folder) or to a set of files (or folders). Amongst other things, the task defines which security descriptor to apply to a path.
* Apply a policy to the associated Vserver.
Parameters
-vserver <vserver name>
- Vserver-
Specifies the Vserver that contains the path to which the security policy is applied.
-policy-name <Security policy name>
- Policy Name-
Specifies the security policy to apply.
[-ignore-broken-symlinks {true|false}]
- Skip Broken Symlinks (privilege: advanced)-
If you specify this parameter as
true
, the file-directory apply job will skip all the symlinks that are broken instead of failing the job.
Examples
The following example applies a security policy named “p1” to Vserver vs0.
cluster1::> vserver security file-directory apply -vserver vs0 -policy-name p1