vserver security file-directory show
Display file/folder security information
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
The vserver file-directory show
command displays file/folder security information. The command output depends on the parameter or parameters specified with the command.
The -vserver
and -path
parameters are required for this command. If you do not specify any of the optional parameters, the command displays all security information in list format for the specified path.
You can specify the -fields
parameter to specify which fields of information to display about files and folders security.
You can specify the -instance
parameter to display all the security information in list format.
Parameters
- {
[-fields <fieldname>,…]
-
If you specify the -fields <fieldname>, … parameter, the command only displays the fields that you specify.
- |
[-instance ]
} -
If you specify the -instance parameter, the command displays detailed information about all entries.
-vserver <vserver>
- Vserver-
Use this required parameter to specify the Vserver that contains the path to the file or folder specified with the required
-path
parameter. - {
[-path <text>]
- File Path -
Use this field to specify the path of the file or folder for which you want to display security information. If the volume name is not specified in the path, the path is relative to the Vserver root volume. If the path's last subcomponent has a wildcard ("*"), the output will display information for all files and directories below the parent path.
If you want to display information of a file or directory which contains wildcard ("*") as its last sub-component, then provide the complete path inside "<path>". For instance, vserver security file-directory show -vserver vs1 -path "/vol1/" will show ACL information for the directory named "", only.
- |
[-inode <integer>]
- File Inode Number } -
Use this field to specify the inode number of the file or folder for which you want to display security information. If the volume name is not specified, inode is searched in the Vserver root volume.
- {
[-volume-name <volume name>]
- Volume Name -
If you specify this parameter, the command displays information about file and directory security only for files and directories where the specified path is relative to the specified volume. If this parameter is not specified, the Vserver root volume is taken as default.
- |
[-share-name <Share>]
- Share Name } -
If you specify this parameter, the command displays information about file and directory security only for files and directories contained where the specified path is relative to the root of the specified share. If this parameter is not specified, the Vserver root volume is taken as default.
[-lookup-names {true|false}]
- SID to Name Lookups-
If you specify this parameter, the command displays information about file and directory security for files and directories where the information about owner and group are stored as names. If set to false, the command displays information about file and directory security for files and directories where the information for owner and group are stored as SIDs.
- {
[-expand-mask {true|false}]
- Expand Bit Masks -
If you specify this parameter, the command displays information about file and directory security for files and directories where the hexadecimal bit mask entries are in expanded bit form. If set to false, the command displays information about file and directory security for files and directories where the hexadecimal bit mask entries are in collapsed form.
- |
[-textual-mask {true|false}]
- Show Textual Mask -
If you specify this parameter as
true
, the command displays information about file and directory security for files and directories where the hexadecimal bit mask is translated to texual format. - |
[-sddl {true|false}]
- Display ACLs in SDDL Format } -
If you specify this parameter, the command displays the ACL information for files and directories in Security Descriptor Definition Language (SDDL) format. If the file has
effective-style
as "unix" then this flag has no effect. [-security-style <security style>]
- Security Style-
If you specify this parameter, the command displays information about file and directory security only for files and directories with paths in volumes of the specified security style.
[-effective-style <security style>]
- Effective Style-
If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified effective security style on the path.
[-dos-attributes <Hex Integer>]
- DOS Attributes-
If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified DOS attributes.
[-text-dos-attr <TextNoCase>]
- DOS Attributes in Text-
If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified text DOS attributes.
[-expanded-dos-attr <TextNoCase>]
- Expanded Dos Attributes-
If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified extended DOS attributes. This parameter is useful only for files or directories where the
–expand-mask
is set to true. [-user-id <user name>]
- UNIX User Id-
If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified UNIX user ID.
[-group-id <group name>]
- UNIX Group Id-
If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified UNIX group ID.
[-mode-bits <Octal Permission>]
- UNIX Mode Bits-
If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified UNIX mode bits in Octal form.
[-text-mode-bits <text>]
- UNIX Mode Bits in Text-
If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified UNIX mode bits in text form.
[-acls <Security acl>,…]
- ACLs-
If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified ACLs. If the specified path is a volume or qtree path and Storage-Level Access Guard (SLAG) is configured on the volume or qtree, this parameter displays the SLAG information. It also displays the Dynamic Access Control (DAC) policies if DAC is configured for the given file or directory path. The following ACL information can be entered:
-
Type of ACL - NTFS or NFSV4
-
Control bits in the security descriptors
-
Owner - only in case of NTFS security descriptors
-
Group - only in case of NTFS security descriptors
-
Access Control Entries - discretionary access control list (DACL) and system access control list (SACL) access control entries (ACEs) in the ACL
-
Examples
The following example displays the security information about the path "/vol4" in Vserver vs1.
cluster1::> vserver security file-directory show -vserver vs1 -path /vol4 (vserver security file-directory show) Vserver: vs1 File Path: /vol4 File Inode Number: 64 Security Style: ntfs Effective Style: ntfs DOS Attributes: 10 DOS Attributes in Text: ----D--- Expanded Dos Attributes: - Unix User Id: 0 Unix Group Id: 0 Unix Mode Bits: 777 Unix Mode Bits in Text: rwxrwxrwx ACLs: NTFS Security Descriptor Control:0x8004 Owner:BUILTIN\Administrators Group:BUILTIN\Administrators DACL - ACEs ALLOW-Everyone-0x1f01ff ALLOW-Everyone-0x10000000-OI|CI|IO
The following example displays the security information about the path "/a/b/file.txt" in Vserver vs1.
cluster1::> vserver security file-directory show -vserver vs1 -path /a/b/file.txt -volume-name vol1 (vserver security file-directory show) Vserver: vs1 File Path: /vol1/a/b/file.txt File Inode Number: 101 Security Style: ntfs Effective Style: ntfs DOS Attributes: 10 DOS Attributes in Text: ----D--- Expanded Dos Attributes: - Unix User Id: 0 Unix Group Id: 0 Unix Mode Bits: 777 Unix Mode Bits in Text: rwxrwxrwx ACLs: NTFS Security Descriptor Control:0x8004 Owner:BUILTIN\Administrators Group:BUILTIN\Administrators DACL - ACEs ALLOW-Everyone-0x1f01ff ALLOW-Everyone-0x10000000-OI|CI|IO
The following example displays the security information of the volume path "/vol1" containing SLAG.
cluster1::> vserver security file-directory show -vserver vs1 -path /vol1 Vserver: vs1 File Path: /vol1 File Inode Number: 64 Security Style: mixed Effective Style: ntfs DOS Attributes: 10 DOS Attributes in Text: ----D--- Expanded Dos Attribute: - Unix User Id: 0 Unix Group Id: 1 Unix Mode Bits: 777 Unix Mode Bits in Text: rwxrwxrwx ACLs: NTFS Security Descriptor Control:0xbf14 Owner:CIFS1\Administrator Group:CIFS1\Domain Admins SACL - ACEs ALL-Everyone-0xf01ff-OI|CI|SA|FA RESOURCE ATTRIBUTE-Everyone-0x0 ("Department_MS",TS,0x10020,"Finance") POLICY ID-All resources - No Write-0x0-OI|CI DACL - ACEs ALLOW-CIFS1\Administrator-0x1f01ff-OI|CI ALLOW-Everyone-0x1f01ff-OI|CI ALLOW CALLBACK-DAC\skanyal-0x1200a9-OI|CI ((@User.department==@Resource.Department_MS@Resource.Impact_MS>1000)@Device.department==@Resource.Department_MS) Storage-Level Access Guard security SACL (Applies to Directories): AUDIT-R1\user1-0x001f01ff-FA DACL (Applies to Directories): ALLOW-R1\user1-0x001f01ff ALLOW-R1\user2-0x001200a9 SACL (Applies to Files): AUDIT-R1\user1-0x001f01ff-FA DACL (Applies to Files): ALLOW-R1\user1-0x001f01ff ALLOW-R1\user2-0x001200a9
The following example displays the security information of the qtree path "/vol1/q1" containing SLAG.
cluster1::> vserver security file-directory show -vserver vs1 -path /vol1/q1 Vserver: vs1 File Path: /vol1/q1 File Inode Number: 105 Security Style: mixed Effective Style: ntfs DOS Attributes: 10 DOS Attributes in Text: ----D--- Expanded Dos Attribute: - Unix User Id: 0 Unix Group Id: 1 Unix Mode Bits: 777 Unix Mode Bits in Text: rwxrwxrwx ACLs: NTFS Security Descriptor Control:0xbf14 Owner:CIFS1\Administrator Group:CIFS1\Domain Admins SACL - ACEs ALL-Everyone-0xf01ff-OI|CI|SA|FA DACL - ACEs ALLOW-CIFS1\Administrator-0x1f01ff-OI|CI ALLOW-Everyone-0x1f01ff-OI|CI Storage-Level Access Guard security SACL (Applies to Directories): AUDIT-R1\user1-0x001f01ff-FA DACL (Applies to Directories): ALLOW-R1\user1-0x001f01ff ALLOW-R1\user2-0x001200a9 SACL (Applies to Files): AUDIT-R1\user1-0x001f01ff-FA DACL (Applies to Files): ALLOW-R1\user1-0x001f01ff ALLOW-R1\user2-0x001200a9