CIFS 共享上的 NTFS 权限不会对特定用户生效
适用于
- ONTAP 9
- 集群模式 Data ONTAP 8.2+
问题
- 即使 ACL 不允许访问、但能够访问 CIFS 共享的用户
- 用户具有 "setcbprivilege" 权限
::> set diag
::*> diag secd authentication show-creds -node cdot-vsim1-01 -vserver svm -win-name
test\user1
UNIX UID: pcuser <> Windows User: TEST\user1 (Windows Domain User)
GID: pcuser
Supplementary GIDs (partial):
pcuser
Primary Group SID: TEST\Domain Users (Windows Domain group)
Windows Membership:
TEST\Domain Users (Windows Domain group)
Service asserted identity (Windows Well known group)
BUILTIN\Users (Windows Alias)
User is also a member of Everyone, Authenticated Users, and Network Users
Privileges (0x2088):
SeTcbPrivilege
- 共享上的权限也不显示此用户的访问权限
::*> file-directory show -vserver svm -path /vol1/
<<<< 仅允许域管理员访问。
(vserver security file-directory show)
Vserver: svm
File Path: /vol1/
File Inode Number: 64
Security Style: ntfs
Effective Style: ntfs
DOS Attributes: 10
DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
UNIX User Id: 0
UNIX Group Id: 0
UNIX Mode Bits: 777
UNIX Mode Bits in Text: rwxrwxrwx
ACLs: NTFS Security Descriptor
Control:0x9504
Owner:BUILTIN\Administrators
Group:BUILTIN\Administrators
DACL - ACEs
ALLOW-TEST\Domain Admins-0x1f01ff-OI|CI
-
vserver
security trace
有关用户的输出"Access is allowed because the operation is trusted and no security is configured while opening existing file or directory. Access is granted for: <permissions>".