vserver security file-directory show
Display file/folder security information
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
The vserver security file-directory show command displays file/folder security information. The command output depends on the parameter or parameters specified with the command.
The -vserver and -path parameters are required for this command. If you do not specify any of the optional parameters, the command displays all security information in list format for the specified path.
You can specify the -fields parameter to choose which fields of file and folder security information to display.
You can specify the -instance parameter to display all the security information in list format.
Parameters
- { [-fields <fieldname>,…]
If you specify the -fields <fieldname>,… parameter, the command displays only the fields that you specify.
- | [-instance ] }
If you specify the -instance parameter, the command displays detailed information about all entries.
- -vserver <vserver> - Vserver
Use this required parameter to specify the Vserver that contains the path to the file or folder specified with the required -path parameter.
- { [-path <text>] - File Path
Use this field to specify the path of the file or folder for which you want to display security information. If the volume name is not specified in the path, the path is relative to the Vserver root volume. If the path's last subcomponent has a wildcard ("*"), the output will display information for all files and directories below the parent path.
If you want to display information about a file or directory that contains the wildcard ("*") as its last subcomponent, provide the complete path inside "<path>". For instance, vserver security file-directory show -vserver vs1 -path "/vol1/*" will show ACL information only for the directory named "*".
- | [-inode <integer>] - File Inode Number }
Use this field to specify the inode number of the file or folder for which you want to display security information. If the volume name is not specified, the inode is searched for in the Vserver root volume.
- { [-volume-name <volume name>] - Volume Name
If you specify this parameter, the command displays information about file and directory security only for files and directories where the specified path is relative to the specified volume. If this parameter is not specified, the Vserver root volume is taken as default.
- | [-share-name <Share>] - Share Name }
If you specify this parameter, the command displays information about file and directory security only for files and directories where the specified path is relative to the root of the specified share. If this parameter is not specified, the Vserver root volume is taken as default.
- [-lookup-names {true|false}] - SID to Name Lookups
If you specify this parameter, the command displays information about file and directory security for files and directories where the information about owner and group are stored as names. If set to false, the command displays information about file and directory security for files and directories where the information for owner and group are stored as SIDs.
- { [-expand-mask {true|false}] - Expand Bit Masks
If you specify this parameter, the command displays information about file and directory security for files and directories where the hexadecimal bit mask entries are in expanded bit form. If set to false, the command displays information about file and directory security for files and directories where the hexadecimal bit mask entries are in collapsed form.
- | [-textual-mask {true|false}] - Show Textual Mask
If you specify this parameter as true, the command displays information about file and directory security for files and directories where the hexadecimal bit mask is translated to textual format.
- | [-sddl {true|false}] - Display ACLs in SDDL Format }
If you specify this parameter, the command displays the ACL information for files and directories in Security Descriptor Definition Language (SDDL) format. If the file has effective-style as "unix", this flag has no effect.
- [-security-style <security style>] - Security Style
If you specify this parameter, the command displays information about file and directory security only for files and directories with paths in volumes of the specified security style.
- [-effective-style <security style>] - Effective Style
If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified effective security style on the path.
- [-dos-attributes <Hex Integer>] - DOS Attributes
If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified DOS attributes.
- [-text-dos-attr <TextNoCase>] - DOS Attributes in Text
If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified text DOS attributes.
- [-expanded-dos-attr <TextNoCase>] - Expanded Dos Attributes
If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified extended DOS attributes. This parameter is useful only for files or directories where -expand-mask is set to true.
- [-user-id <user name>] - UNIX User Id
If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified UNIX user ID.
- [-group-id <group name>] - UNIX Group Id
If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified UNIX group ID.
- [-mode-bits <Octal Permission>] - UNIX Mode Bits
If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified UNIX mode bits in octal form.
- [-text-mode-bits <text>] - UNIX Mode Bits in Text
If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified UNIX mode bits in text form.
- [-acls <Security acl>,…] - ACLs
If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified ACLs. If the specified path is a volume or qtree path and Storage-Level Access Guard (SLAG) is configured on the volume or qtree, this parameter displays the SLAG information. It also displays the Dynamic Access Control (DAC) policies if DAC is configured for the given file or directory path. The following ACL information can be entered:
  - Type of ACL - NTFS or NFSV4
  - Control bits in the security descriptors
  - Owner - only in case of NTFS security descriptors
  - Group - only in case of NTFS security descriptors
  - Access Control Entries - discretionary access control list (DACL) and system access control list (SACL) access control entries (ACEs) in the ACL
Examples
The following example displays the security information about the path "/vol4" in Vserver vs1.
    cluster1::> vserver security file-directory show -vserver vs1 -path /vol4
      (vserver security file-directory show)
    Vserver: vs1
    File Path: /vol4
    File Inode Number: 64
    Security Style: ntfs
    Effective Style: ntfs
    DOS Attributes: 10
    DOS Attributes in Text: ----D---
    Expanded Dos Attributes: -
    Unix User Id: 0
    Unix Group Id: 0
    Unix Mode Bits: 777
    Unix Mode Bits in Text: rwxrwxrwx
    ACLs: NTFS Security Descriptor
      Control:0x8004
      Owner:BUILTIN\Administrators
      Group:BUILTIN\Administrators
      DACL - ACEs
        ALLOW-Everyone-0x1f01ff
        ALLOW-Everyone-0x10000000-OI|CI|IO
The following example displays the security information about the path "/a/b/file.txt" in Vserver vs1.
    cluster1::> vserver security file-directory show -vserver vs1 -path /a/b/file.txt -volume-name vol1
      (vserver security file-directory show)
    Vserver: vs1
    File Path: /vol1/a/b/file.txt
    File Inode Number: 101
    Security Style: ntfs
    Effective Style: ntfs
    DOS Attributes: 10
    DOS Attributes in Text: ----D---
    Expanded Dos Attributes: -
    Unix User Id: 0
    Unix Group Id: 0
    Unix Mode Bits: 777
    Unix Mode Bits in Text: rwxrwxrwx
    ACLs: NTFS Security Descriptor
      Control:0x8004
      Owner:BUILTIN\Administrators
      Group:BUILTIN\Administrators
      DACL - ACEs
        ALLOW-Everyone-0x1f01ff
        ALLOW-Everyone-0x10000000-OI|CI|IO
The following example displays the security information of the volume path "/vol1" containing SLAG.
    cluster1::> vserver security file-directory show -vserver vs1 -path /vol1
    Vserver: vs1
    File Path: /vol1
    File Inode Number: 64
    Security Style: mixed
    Effective Style: ntfs
    DOS Attributes: 10
    DOS Attributes in Text: ----D---
    Expanded Dos Attribute: -
    Unix User Id: 0
    Unix Group Id: 1
    Unix Mode Bits: 777
    Unix Mode Bits in Text: rwxrwxrwx
    ACLs: NTFS Security Descriptor
      Control:0xbf14
      Owner:CIFS1\Administrator
      Group:CIFS1\Domain Admins
      SACL - ACEs
        ALL-Everyone-0xf01ff-OI|CI|SA|FA
        RESOURCE ATTRIBUTE-Everyone-0x0 ("Department_MS",TS,0x10020,"Finance")
        POLICY ID-All resources - No Write-0x0-OI|CI
      DACL - ACEs
        ALLOW-CIFS1\Administrator-0x1f01ff-OI|CI
        ALLOW-Everyone-0x1f01ff-OI|CI
        ALLOW CALLBACK-DAC\skanyal-0x1200a9-OI|CI ((@User.department==@Resource.Department_MS@Resource.Impact_MS>1000)@Device.department==@Resource.Department_MS)
      Storage-Level Access Guard security
      SACL (Applies to Directories):
        AUDIT-R1\user1-0x001f01ff-FA
      DACL (Applies to Directories):
        ALLOW-R1\user1-0x001f01ff
        ALLOW-R1\user2-0x001200a9
      SACL (Applies to Files):
        AUDIT-R1\user1-0x001f01ff-FA
      DACL (Applies to Files):
        ALLOW-R1\user1-0x001f01ff
        ALLOW-R1\user2-0x001200a9
The following example displays the security information of the qtree path "/vol1/q1" containing SLAG.
    cluster1::> vserver security file-directory show -vserver vs1 -path /vol1/q1
    Vserver: vs1
    File Path: /vol1/q1
    File Inode Number: 105
    Security Style: mixed
    Effective Style: ntfs
    DOS Attributes: 10
    DOS Attributes in Text: ----D---
    Expanded Dos Attribute: -
    Unix User Id: 0
    Unix Group Id: 1
    Unix Mode Bits: 777
    Unix Mode Bits in Text: rwxrwxrwx
    ACLs: NTFS Security Descriptor
      Control:0xbf14
      Owner:CIFS1\Administrator
      Group:CIFS1\Domain Admins
      SACL - ACEs
        ALL-Everyone-0xf01ff-OI|CI|SA|FA
      DACL - ACEs
        ALLOW-CIFS1\Administrator-0x1f01ff-OI|CI
        ALLOW-Everyone-0x1f01ff-OI|CI
      Storage-Level Access Guard security
      SACL (Applies to Directories):
        AUDIT-R1\user1-0x001f01ff-FA
      DACL (Applies to Directories):
        ALLOW-R1\user1-0x001f01ff
        ALLOW-R1\user2-0x001200a9
      SACL (Applies to Files):
        AUDIT-R1\user1-0x001f01ff-FA
      DACL (Applies to Files):
        ALLOW-R1\user1-0x001f01ff
        ALLOW-R1\user2-0x001200a9
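The ACE entries in the examples above use the collapsed form TYPE-principal-0xMASK with optional -FLAGS. The following Python script is an added example, not part of the NetApp documentation: it parses captured output of this command and lists ALLOW entries that give Everyone control over the ACL. The right names are the standard Windows access-mask bit names, and the BROAD set and function names are assumptions of this example.

```python
import re

# Standard Windows file access-mask bits. The names are Windows conventions,
# not necessarily the labels ONTAP prints with -expand-mask or -textual-mask.
RIGHTS = {
    0x1: "ReadData", 0x2: "WriteData", 0x4: "AppendData", 0x8: "ReadEA",
    0x10: "WriteEA", 0x20: "Execute", 0x40: "DeleteChild",
    0x80: "ReadAttributes", 0x100: "WriteAttributes", 0x10000: "Delete",
    0x20000: "ReadControl", 0x40000: "WriteDAC", 0x80000: "WriteOwner",
    0x100000: "Synchronize", 0x10000000: "GenericAll",
    0x20000000: "GenericExecute", 0x40000000: "GenericWrite",
    0x80000000: "GenericRead",
}
# Rights that let the grantee rewrite the ACL or take ownership.
CONTROL = 0x40000 | 0x80000 | 0x10000000
BROAD = {"everyone"}  # assumption: extend with other wide groups as needed

ACE_RE = re.compile(
    r"^(?P<type>[A-Z]+(?: [A-Z]+)*)-(?P<who>.+)-(?P<mask>0x[0-9a-fA-F]+)"
    r"(?:-(?P<flags>[A-Z]+(?:\|[A-Z]+)*))?(?:\s+\(.*\))?$")

def parse_aces(output):
    """Yield one dict per ACE line found in collapsed-mask show output."""
    for line in output.splitlines():
        m = ACE_RE.match(line.strip())
        if m:
            mask = int(m["mask"], 16)
            yield {"type": m["type"], "who": m["who"], "mask": mask,
                   "flags": m["flags"].split("|") if m["flags"] else [],
                   "rights": [n for b, n in RIGHTS.items() if mask & b]}

def broad_control_aces(output):
    """ALLOW ACEs that give a broad principal control over the ACL."""
    return [a for a in parse_aces(output)
            if a["type"] == "ALLOW" and a["who"].lower() in BROAD
            and a["mask"] & CONTROL]

# Constructed sample: ACL lines in the format of this page's examples.
SAMPLE = r"""
DACL - ACEs
  ALLOW-CIFS1\Administrator-0x1f01ff-OI|CI
  ALLOW-Everyone-0x1f01ff
  ALLOW-Everyone-0x10000000-OI|CI|IO
  ALLOW-R1\user2-0x001200a9
"""

if __name__ == "__main__":
    for ace in broad_control_aces(SAMPLE):
        print(f"{ace['who']}: {ace['mask']:#x} {ace['rights']} {ace['flags']}")
```

The parser expects the default collapsed hexadecimal masks, so run the command without -expand-mask, -textual-mask or -sddl when capturing output for it.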