Control root user access to NTFS security-style data

Contributors

You can configure ONTAP to allow NFS clients access to NTFS security-style data and NTFS clients to access NFS security-style data. When using NTFS security style on an NFS data store, you must decide how to treat access by the root user and configure the storage virtual machine (SVM) accordingly.

About this task

When a root user accesses NTFS security-style data, you have two options:

  • Map the root user to a Windows user like any other NFS user and manage access according to NTFS ACLs.

  • Ignore NTFS ACLs and provide full access to root.

Steps
  1. Set the privilege level to advanced:

    set -privilege advanced

  2. Perform the desired action:

    If you want the root user to…​ Enter the command…​

    Be mapped to a Windows user

    vserver nfs modify -vserver vserver_name -ignore-nt-acl-for-root disabled

    Bypass the NT ACL check

    vserver nfs modify -vserver vserver_name -ignore-nt-acl-for-root enabled

    By default, this parameter is disabled.

    If this parameter is enabled but there is no name mapping for the root user, ONTAP uses a default SMB administrator credential for auditing.

  3. Return to the admin privilege level:

    set -privilege admin