Display information about file security on mixed security-style volumes
Suggest changes
PDFs
You can display information about file and directory security on mixed security-style volumes, including what the security style and effective security styles are, what permissions are applied, and information about UNIX owners and groups. You can use the results to validate your security configuration or to troubleshoot file access issues.
You must supply the name of the storage virtual machine (SVM) and the path to the data whose file or folder security information you want to display. You can display the output in summary form or as a detailed list.
-
Mixed security-style volumes and qtrees can contain some files and folders that use UNIX file permissions, either mode bits or NFSv4 ACLs, and some files and directories that use NTFS file permissions.
-
The top level of a mixed security-style volume can have either UNIX or NTFS effective security.
-
ACL output is displayed only for file and folders with NTFS or NFSv4 security.
This field is empty for files and directories using UNIX security that have only mode bit permissions applied (no NFSv4 ACLs).
-
The owner and group output fields in the ACL output apply only in the case of NTFS security descriptors.
-
Because Storage-Level Access Guard security can be configured on a mixed security-style volume or qtree even if the effective security style of the volume root or qtree is UNIX, output for a volume or qtree path where Storage-Level Access Guard is configured might display both UNIX file permissions and Storage-Level Access Guard ACLs.
-
If the path entered in the command is to data with NTFS effective security, the output also displays information about Dynamic Access Control ACEs if Dynamic Access Control is configured for the given file or directory path.
-
Display file and directory security settings with the desired level of detail:
If you want to display information… Enter the following command… In summary form
vserver security file-directory show -vserver vserver_name -path pathWith expanded detail
vserver security file-directory show -vserver vserver_name -path path -expand-mask true
The following example displays the security information about the path /projects in SVM vs1 in expanded-mask form. This mixed security-style path has UNIX effective security.
cluster1::> vserver security file-directory show -vserver vs1 -path /projects -expand-mask true
Vserver: vs1
File Path: /projects
File Inode Number: 78
Security Style: mixed
Effective Style: unix
DOS Attributes: 10
DOS Attributes in Text: ----D---
Expanded Dos Attributes: 0x10
...0 .... .... .... = Offline
.... ..0. .... .... = Sparse
.... .... 0... .... = Normal
.... .... ..0. .... = Archive
.... .... ...1 .... = Directory
.... .... .... .0.. = System
.... .... .... ..0. = Hidden
.... .... .... ...0 = Read Only
Unix User Id: 0
Unix Group Id: 1
Unix Mode Bits: 700
Unix Mode Bits in Text: rwx------
ACLs: -
The following example displays the security information about the path /data in SVM vs1. This mixed security-style path has an NTFS effective security.
cluster1::> vserver security file-directory show -vserver vs1 -path /data
Vserver: vs1
File Path: /data
File Inode Number: 544
Security Style: mixed
Effective Style: ntfs
DOS Attributes: 10
DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
Unix User Id: 0
Unix Group Id: 0
Unix Mode Bits: 777
Unix Mode Bits in Text: rwxrwxrwx
ACLs: NTFS Security Descriptor
Control:0x8004
Owner:BUILTIN\Administrators
Group:BUILTIN\Administrators
DACL - ACEs
ALLOW-Everyone-0x1f01ff
ALLOW-Everyone-0x10000000-OI|CI|IO
The following example displays the security information about the volume at the path /datavol5 in SVM vs1. The top level of this mixed security-style volume has UNIX effective security. The volume has Storage-Level Access Guard security.
cluster1::> vserver security file-directory show -vserver vs1 -path /datavol5
Vserver: vs1
File Path: /datavol5
File Inode Number: 3374
Security Style: mixed
Effective Style: unix
DOS Attributes: 10
DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
Unix User Id: 0
Unix Group Id: 0
Unix Mode Bits: 755
Unix Mode Bits in Text: rwxr-xr-x
ACLs: Storage-Level Access Guard security
SACL (Applies to Directories):
AUDIT-EXAMPLE\Domain Users-0x120089-FA
AUDIT-EXAMPLE\engineering-0x1f01ff-SA
AUDIT-EXAMPLE\market-0x1f01ff-SA
DACL (Applies to Directories):
ALLOW-BUILTIN\Administrators-0x1f01ff
ALLOW-CREATOR OWNER-0x1f01ff
ALLOW-EXAMPLE\Domain Users-0x120089
ALLOW-EXAMPLE\engineering-0x1f01ff
ALLOW-EXAMPLE\market-0x1f01ff
SACL (Applies to Files):
AUDIT-EXAMPLE\Domain Users-0x120089-FA
AUDIT-EXAMPLE\engineering-0x1f01ff-SA
AUDIT-EXAMPLE\market-0x1f01ff-SA
DACL (Applies to Files):
ALLOW-BUILTIN\Administrators-0x1f01ff
ALLOW-CREATOR OWNER-0x1f01ff
ALLOW-EXAMPLE\Domain Users-0x120089
ALLOW-EXAMPLE\engineering-0x1f01ff
ALLOW-EXAMPLE\market-0x1f01ff
Displaying information about file security on NTFS security-style volumes