vserver security file-directory policy create
Create a file security policy
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
The vserver security file-directory policy create
command creates a security policy for a Vserver. A policy acts as a container for various tasks where each task is a single entry that can be applied to a file/folder.
Creating a security policy is the third step in configuring and applying security ACLs to a file or folder. You will later add tasks to the security policy.
|
You cannot modify a security policy. If you want to apply a policy with the same settings to a different Vserver, you must create a new policy with the same configuration and apply it to the desired Vserver. |
The steps to creating and applying NTFS ACLs are the following:
-
Create an NTFS security descriptor.
-
Add DACLS and SACLS to the NTFS security descriptor.
|
If you want to audit file and directory events, you must configure auditing on the Vserver in addition to adding SACLs to the security descriptor. |
-
Create a file/directory security policy.
This step associates the policy with a Vserver.
* Create policy tasks.
A policy task refers to a single operation to apply to a file (or folder) or to a set of files (or folders). Amongst other things, the task defines which security descriptor to apply to a path.
* Apply a policy to the associated Vserver.
Parameters
-vserver <vserver name>
- Vserver-
Specifies the name of the Vserver on which to create the security policy.
-policy-name <Security policy name>
- Policy Name-
Specifies the name of the security policy.
Examples
The following example creates a security policy named “policy1” on Vserver vs1.
cluster1::> vserver security file-directory policy create -policy-name policy1 -vserver vs1 cluster1::> vserver security file-directory policy show Vserver Policy Name ------------ -------------- vs1 policy1