CIFS 共有の NTFS アクセス許可が特定のユーザーに有効にならない
に適用されます
- ONTAP 9
- clustered Data ONTAP 8.2+
問題
- ACL のアクセスが許可されていない場合でも、 CIFS 共有にアクセスできるユーザ
- ユーザには「 setCbPrivilege 」権限があります
::> set diag
::*> diag secd authentication show-creds -node cdot-vsim1-01 -vserver svm -win-name
test\user1
UNIX UID: pcuser <> Windows User: TEST\user1 (Windows Domain User)
GID: pcuser
Supplementary GIDs (partial):
pcuser
Primary Group SID: TEST\Domain Users (Windows Domain group)
Windows Membership:
TEST\Domain Users (Windows Domain group)
Service asserted identity (Windows Well known group)
BUILTIN\Users (Windows Alias)
User is also a member of Everyone, Authenticated Users, and Network Users
Privileges (0x2088):
SeTcbPrivilege
- 共有の権限には、このユーザのアクセス権も表示されません
::*> file-directory show -vserver svm -path /vol1/
<<< ドメイン管理者のみがアクセスを許可されます。
(vserver security file-directory show)
Vserver: svm
File Path: /vol1/
File Inode Number: 64
Security Style: ntfs
Effective Style: ntfs
DOS Attributes: 10
DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
UNIX User Id: 0
UNIX Group Id: 0
UNIX Mode Bits: 777
UNIX Mode Bits in Text: rwxrwxrwx
ACLs: NTFS Security Descriptor
Control:0x9504
Owner:BUILTIN\Administrators
Group:BUILTIN\Administrators
DACL - ACEs
ALLOW-TEST\Domain Admins-0x1f01ff-OI|CI
-
vserver
security trace
該当するユーザの出力"Access is allowed because the operation is trusted and no security is configured while opening existing file or directory. Access is granted for: <permissions>".