ONTAP 9.12.1 commands

  • vserver security file-directory show

    Display file/folder security information

    Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

    Description

    The vserver security file-directory show command displays file/folder security information. The command output depends on the parameter or parameters specified with the command.

    The -vserver and -path parameters are required for this command. If you do not specify any of the optional parameters, the command displays all security information in list format for the specified path.

    You can use the -fields parameter to specify which fields of file and folder security information to display.

    You can specify the -instance parameter to display all the security information in list format.

    Parameters

    { [-fields <fieldname>,…​]

    If you specify the -fields <fieldname>, …​ parameter, the command only displays the fields that you specify.

    | [-instance ] }

    If you specify the -instance parameter, the command displays detailed information about all entries.

    -vserver <vserver> - Vserver

    Use this required parameter to specify the Vserver that contains the path to the file or folder specified with the required -path parameter.

    { [-path <text>] - File Path

    Use this field to specify the path of the file or folder for which you want to display security information. If the volume name is not specified in the path, the path is relative to the Vserver root volume. If the path’s last subcomponent has a wildcard ("*"), the output will display information for all files and directories below the parent path.

    If you want to display information of a file or directory which contains wildcard ("*") as its last sub-component, then provide the complete path inside "<path>".

    For instance, vserver security file-directory show -vserver vs1 -path "/vol1/*" will show ACL information for the directory named "*", only.

    | [-inode <integer>] - File Inode Number }

    Use this field to specify the inode number of the file or folder for which you want to display security information. If the volume name is not specified, inode is searched in the Vserver root volume.

    { [-volume-name <volume name>] - Volume Name

    If you specify this parameter, the command displays information about file and directory security only for files and directories where the specified path is relative to the specified volume. If this parameter is not specified, the Vserver root volume is taken as default.

    | [-share-name <Share>] - Share Name }

    If you specify this parameter, the command displays information about file and directory security only for files and directories where the specified path is relative to the root of the specified share. If this parameter is not specified, the Vserver root volume is taken as default.

    [-lookup-names {true|false}] - SID to Name Lookups

    If you specify this parameter, the command displays information about file and directory security for files and directories where the information about owner and group are stored as names. If set to false, the command displays information about file and directory security for files and directories where the information for owner and group are stored as SIDs.

    { [-expand-mask {true|false}] - Expand Bit Masks

    If you specify this parameter, the command displays information about file and directory security for files and directories where the hexadecimal bit mask entries are in expanded bit form. If set to false, the command displays information about file and directory security for files and directories where the hexadecimal bit mask entries are in collapsed form.

    | [-textual-mask {true|false}] - Show Textual Mask

    If you specify this parameter as true, the command displays information about file and directory security for files and directories where the hexadecimal bit mask is translated to textual format.

    | [-sddl {true|false}] - Display ACLs in SDDL Format }

    If you specify this parameter, the command displays the ACL information for files and directories in Security Descriptor Definition Language (SDDL) format. If the file has effective-style as "unix" then this flag has no effect.

    [-security-style <security style>] - Security Style

    If you specify this parameter, the command displays information about file and directory security only for files and directories with paths in volumes of the specified security style.

    [-effective-style <security style>] - Effective Style

    If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified effective security style on the path.

    [-dos-attributes <Hex Integer>] - DOS Attributes

    If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified DOS attributes.

    [-text-dos-attr <TextNoCase>] - DOS Attributes in Text

    If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified text DOS attributes.

    [-expanded-dos-attr <TextNoCase>] - Expanded Dos Attributes

    If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified extended DOS attributes. This parameter is useful only for files or directories where -expand-mask is set to true.

    [-user-id <user name>] - UNIX User Id

    If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified UNIX user ID.

    [-group-id <group name>] - UNIX Group Id

    If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified UNIX group ID.

    [-mode-bits <Octal Permission>] - UNIX Mode Bits

    If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified UNIX mode bits in Octal form.

    [-text-mode-bits <text>] - UNIX Mode Bits in Text

    If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified UNIX mode bits in text form.

    [-acls <Security acl>,…​] - ACLs

    If you specify this parameter, the command displays information about file and directory security only for files and directories with the specified ACLs. If the specified path is a volume or qtree path and Storage-Level Access Guard (SLAG) is configured on the volume or qtree, this parameter displays the SLAG information. It also displays the Dynamic Access Control (DAC) policies if DAC is configured for the given file or directory path. The following ACL information can be entered:

    • Type of ACL - NTFS or NFSV4

    • Control bits in the security descriptors

    • Owner - only in case of NTFS security descriptors

    • Group - only in case of NTFS security descriptors

    • Access Control Entries - discretionary access control list (DACL) and system access control list (SACL) access control entries (ACEs) in the ACL

    Examples

    The following example displays the security information about the path "/vol4" in Vserver vs1.

    cluster1::> vserver security file-directory show -vserver vs1 -path /vol4
                  (vserver security file-directory show)
    Vserver: vs1
                              File Path: /vol4
                      File Inode Number: 64
                         Security Style: ntfs
                        Effective Style: ntfs
                         DOS Attributes: 10
                 DOS Attributes in Text: ----D---
                Expanded Dos Attributes: -
                           Unix User Id: 0
                          Unix Group Id: 0
                         Unix Mode Bits: 777
                 Unix Mode Bits in Text: rwxrwxrwx
                                   ACLs: NTFS Security Descriptor
                                         Control:0x8004
                                         Owner:BUILTIN\Administrators
                                         Group:BUILTIN\Administrators
                                         DACL - ACEs
                                         ALLOW-Everyone-0x1f01ff
                                         ALLOW-Everyone-0x10000000-OI|CI|IO

    The following example displays the security information about the path "/a/b/file.txt" in Vserver vs1.

    cluster1::> vserver security file-directory show -vserver vs1 -path /a/b/file.txt -volume-name vol1
                      (vserver security file-directory show)
    Vserver: vs1
                                    File Path: /vol1/a/b/file.txt
                            File Inode Number: 101
                               Security Style: ntfs
                              Effective Style: ntfs
                               DOS Attributes: 10
                       DOS Attributes in Text: ----D---
                      Expanded Dos Attributes: -
                                 Unix User Id: 0
                                Unix Group Id: 0
                               Unix Mode Bits: 777
                       Unix Mode Bits in Text: rwxrwxrwx
                                         ACLs: NTFS Security Descriptor
                                               Control:0x8004
                                               Owner:BUILTIN\Administrators
                                               Group:BUILTIN\Administrators
                                        DACL - ACEs
                                        ALLOW-Everyone-0x1f01ff
                                        ALLOW-Everyone-0x10000000-OI|CI|IO

    The following example displays the security information of the volume path "/vol1" containing SLAG.

    cluster1::> vserver security file-directory show -vserver vs1 -path /vol1
                               Vserver: vs1
                             File Path: /vol1
                     File Inode Number: 64
                        Security Style: mixed
                       Effective Style: ntfs
                        DOS Attributes: 10
                DOS Attributes in Text: ----D---
                Expanded Dos Attribute: -
                          Unix User Id: 0
                         Unix Group Id: 1
                        Unix Mode Bits: 777
                Unix Mode Bits in Text: rwxrwxrwx
                                  ACLs: NTFS Security Descriptor
                                        Control:0xbf14
                                        Owner:CIFS1\Administrator
                                        Group:CIFS1\Domain Admins
                                        SACL - ACEs
                                           ALL-Everyone-0xf01ff-OI|CI|SA|FA
                                           RESOURCE ATTRIBUTE-Everyone-0x0
                                             ("Department_MS",TS,0x10020,"Finance")
                                           POLICY ID-All resources - No Write-0x0-OI|CI
                                        DACL - ACEs
                                           ALLOW-CIFS1\Administrator-0x1f01ff-OI|CI
                                           ALLOW-Everyone-0x1f01ff-OI|CI
                                           ALLOW CALLBACK-DAC\skanyal-0x1200a9-OI|CI
                                             ((@User.department==@Resource.Department_MS@Resource.Impact_MS>1000)@Device.department==@Resource.Department_MS)
    Storage-Level Access Guard security
                                        SACL (Applies to Directories):
                                           AUDIT-R1\user1-0x001f01ff-FA
                                        DACL (Applies to Directories):
                                           ALLOW-R1\user1-0x001f01ff
                                           ALLOW-R1\user2-0x001200a9
                                        SACL (Applies to Files):
                                           AUDIT-R1\user1-0x001f01ff-FA
                                        DACL (Applies to Files):
                                           ALLOW-R1\user1-0x001f01ff
                                           ALLOW-R1\user2-0x001200a9

    The following example displays the security information of the qtree path "/vol1/q1" containing SLAG.

    cluster1::> vserver security file-directory show -vserver vs1 -path /vol1/q1
                               Vserver: vs1
                             File Path: /vol1/q1
                     File Inode Number: 105
                        Security Style: mixed
                       Effective Style: ntfs
                        DOS Attributes: 10
                DOS Attributes in Text: ----D---
                Expanded Dos Attribute: -
                          Unix User Id: 0
                         Unix Group Id: 1
                        Unix Mode Bits: 777
                Unix Mode Bits in Text: rwxrwxrwx
                                  ACLs: NTFS Security Descriptor
                                        Control:0xbf14
                                        Owner:CIFS1\Administrator
                                        Group:CIFS1\Domain Admins
                                        SACL - ACEs
                                           ALL-Everyone-0xf01ff-OI|CI|SA|FA
                                        DACL - ACEs
                                           ALLOW-CIFS1\Administrator-0x1f01ff-OI|CI
                                           ALLOW-Everyone-0x1f01ff-OI|CI
    Storage-Level Access Guard security
                                        SACL (Applies to Directories):
                                           AUDIT-R1\user1-0x001f01ff-FA
                                        DACL (Applies to Directories):
                                           ALLOW-R1\user1-0x001f01ff
                                           ALLOW-R1\user2-0x001200a9
                                        SACL (Applies to Files):
                                           AUDIT-R1\user1-0x001f01ff-FA
                                        DACL (Applies to Files):
                                           ALLOW-R1\user1-0x001f01ff
                                           ALLOW-R1\user2-0x001200a9
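
The following Python code is an added example, not part of the original ONTAP documentation or NetApp tooling. It parses ACE lines in the output format shown in the examples above (type-principal-mask, with optional flags) and reports DACL ALLOW entries that give broad principals write-class rights. The BROAD watch list and the function names are assumptions, and SAMPLE is constructed from the /vol1 example.

```python
import re

# Constructed sample: lines taken from the page's /vol1 (SLAG) example output.
SAMPLE = r"""
    ACLs: NTFS Security Descriptor
          Control:0xbf14
          Owner:CIFS1\Administrator
          SACL - ACEs
             ALL-Everyone-0xf01ff-OI|CI|SA|FA
             POLICY ID-All resources - No Write-0x0-OI|CI
          DACL - ACEs
             ALLOW-CIFS1\Administrator-0x1f01ff-OI|CI
             ALLOW-Everyone-0x1f01ff-OI|CI
             ALLOW CALLBACK-DAC\skanyal-0x1200a9-OI|CI
Storage-Level Access Guard security
          DACL (Applies to Directories):
             ALLOW-R1\user1-0x001f01ff
             ALLOW-R1\user2-0x001200a9
"""

# Standard Windows access-mask bits that allow modifying or taking over an object.
RISKY = {0x2: "WRITE_DATA", 0x4: "APPEND_DATA", 0x10000: "DELETE",
         0x40000: "WRITE_DAC", 0x80000: "WRITE_OWNER",
         0x10000000: "GENERIC_ALL", 0x40000000: "GENERIC_WRITE"}
BROAD = {"everyone", "builtin\\users", "nt authority\\authenticated users"}  # assumed list
ACE = re.compile(r"^(?P<type>[A-Z ]+)-(?P<who>.+)-(?P<mask>0x[0-9a-fA-F]+)(?:-(?P<flags>[A-Z|]+))?$")
SECTION = re.compile(r"^(SACL|DACL)( - ACEs| \(Applies to (Directories|Files)\):)$")

def parse_aces(text):
    """Yield one dict per ACE line, tagged with its list and whether it is a SLAG entry."""
    slag, section = False, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Storage-Level Access Guard"):
            slag = True
        elif SECTION.match(line):
            section = line.rstrip(":")
        elif section and (m := ACE.match(line)):
            yield {"slag": slag, "section": section, "type": m["type"], "who": m["who"],
                   "mask": int(m["mask"], 16), "flags": m["flags"].split("|") if m["flags"] else []}

def broad_write_grants(text):
    """Return (principal, scope, rights) for DACL ALLOW ACEs giving broad principals risky rights."""
    out = []
    for a in parse_aces(text):
        rights = [name for bit, name in RISKY.items() if a["mask"] & bit]
        if (a["type"].startswith("ALLOW") and a["section"].startswith("DACL")
                and a["who"].lower() in BROAD and rights):
            out.append((a["who"], "SLAG" if a["slag"] else "file", rights))
    return out
```

Run it against output captured with the default (collapsed) mask format; output produced with -expand-mask, -textual-mask or -sddl uses a different layout and needs a different parser.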