
NTFS permissions on a CIFS share do not take effect for a specific user

Category: ontap-9
Specialty: cifs

Applies to

  • ONTAP 9
  • clustered Data ONTAP 8.2+

Issue

  • A user can access the CIFS share even though the ACL does not grant that user access
  • The user holds the "SeTcbPrivilege" privilege

::> set diag
::*> diag secd authentication show-creds -node cdot-vsim1-01 -vserver svm -win-name test\user1
   UNIX UID: pcuser <> Windows User: TEST\user1 (Windows Domain User)
   GID: pcuser
   Supplementary GIDs (partial):
   pcuser
   Primary Group SID: TEST\Domain Users (Windows Domain group)

Windows Membership:
   TEST\Domain Users (Windows Domain group)
   Service asserted identity (Windows Well known group)
   BUILTIN\Users (Windows Alias)
   User is also a member of Everyone, Authenticated Users, and Network Users
   Privileges (0x2088):
   SeTcbPrivilege

  • The permissions on the share also show no access rights for this user

::*> file-directory show -vserver svm -path /vol1/
(vserver security file-directory show)
Vserver: svm
   File Path: /vol1/
   File Inode Number: 64
   Security Style: ntfs
   Effective Style: ntfs
   DOS Attributes: 10
   DOS Attributes in Text: ----D---
   Expanded Dos Attributes: -
   UNIX User Id: 0
   UNIX Group Id: 0
   UNIX Mode Bits: 777
   UNIX Mode Bits in Text: rwxrwxrwx
   ACLs: NTFS Security Descriptor
   Control:0x9504
   Owner:BUILTIN\Administrators
   Group:BUILTIN\Administrators
   DACL - ACEs
   ALLOW-TEST\Domain Admins-0x1f01ff-OI|CI
<<< Only Domain Admins are allowed access.

  • vserver security trace output for the affected user

    "Access is allowed because the operation is trusted and no security is configured while opening existing file or directory. Access is granted for: <permissions>".
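
The symptom above can be checked offline from the two command outputs. The following is an added example, not NetApp code: it parses the show-creds and DACL text and flags a user who holds SeTcbPrivilege while no ALLOW ACE names the user or any of the user's groups. The function names are hypothetical, and the parsing assumes the output layout shown on this page.

```python
import re

# Sample text copied from the command output shown on this page (not live data).
CREDS = r"""
   UNIX UID: pcuser <> Windows User: TEST\user1 (Windows Domain User)
   Windows Membership:
   TEST\Domain Users (Windows Domain group)
   Service asserted identity (Windows Well known group)
   BUILTIN\Users (Windows Alias)
   User is also a member of Everyone, Authenticated Users, and Network Users
   Privileges (0x2088):
   SeTcbPrivilege
"""
DACL = r"""
   ALLOW-TEST\Domain Admins-0x1f01ff-OI|CI
"""

def parse_creds(text):
    """Return (user, lower-cased identity names, privilege names)."""
    user = re.search(r"Windows User:\s*(.+?)\s*\(", text).group(1)
    ids, privs, section = {user}, set(), None
    for line in (ln.strip() for ln in text.splitlines()):
        if line.startswith(("Windows Membership:", "Privileges")):
            section = "groups" if line.startswith("Windows") else "privs"
        elif line.startswith("User is also a member of"):
            names = line.split(" of ", 1)[1].replace(", and ", ", ")
            ids.update(n.strip() for n in names.split(","))
        elif section == "groups" and line:
            ids.add(re.sub(r"\s*\([^)]*\)$", "", line))  # drop "(Windows ...)"
        elif section == "privs" and line:
            privs.add(line)
    return user, {i.lower() for i in ids}, privs

def parse_aces(text):
    """Parse ACE lines of the form TYPE-trustee-0xMASK-FLAGS."""
    pat = re.compile(r"^\s*(ALLOW|DENY)-(.+)-(0x[0-9a-fA-F]+)(?:-\S*)?\s*$", re.M)
    return [(m[1], m[2], int(m[3], 16)) for m in pat.finditer(text)]

def check(creds_text, dacl_text):
    """Simplified: matches ALLOW ACE trustee names only; masks and DENY ACEs are ignored."""
    user, ids, privs = parse_creds(creds_text)
    aces = parse_aces(dacl_text)
    allowed = any(t == "ALLOW" and who.lower() in ids for t, who, _ in aces)
    has_tcb = "SeTcbPrivilege" in privs
    return {"user": user, "acl_allows": allowed, "has_tcb": has_tcb,
            "flag": has_tcb and not allowed}

if __name__ == "__main__":
    print(check(CREDS, DACL))
```

A result with "flag" set to True corresponds to the combination described in this article and is a prompt to review why the account holds SeTcbPrivilege.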
