Interpret security trace results
Suggest changes
PDFs
Security trace results provide the reason that a request was allowed or denied. Output displays the result as a combination of the reason for allowing or denying access and the location within the access checking pathway where access is either allowed or denied. You can use the results to isolate and identify why actions are or are not allowed.
Finding information about the lists of result types and filter details
You can find the lists of result types and filter details that can be included in the security trace results in the man pages for the vserver security trace trace-result show command.
Reason field in an Allow result typeThe following is an example of the output from the Reason field that appears in the trace results log in an Allow result type:
Access is allowed because SMB implicit permission grants requested access while opening existing file or directory.
Access is allowed because NFS implicit permission grants requested access while opening existing file or directory.
Reason field in an Allow result typeThe following is an example of the output from the Reason field that appears in the trace results log in a Deny result type:
Access is denied. The requested permissions are not granted by the ACE while checking for child-delete access on the parent.
Filter details fieldThe following is an example of the output from the Filter details field in the trace results log, which list the effective security style of the file system containing files and folders that match the filter criteria:
Security Style: MIXED and ACL