CIFS 共享上的 NTFS 权限不会对特定用户生效

最后更新
另存为PDF

Views:: 5

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: cifs

Last Updated:

适用于

ONTAP 9
集群模式 Data ONTAP 8.2+

问题

即使 ACL 不允许访问、但能够访问 CIFS 共享的用户
用户具有 "setcbprivilege" 权限

::> set diag ::*> diag secd authentication show-creds -node cdot-vsim1-01 -vserver svm -win-name test\user1 UNIX UID: pcuser <> Windows User: TEST\user1 (Windows Domain User) GID: pcuser Supplementary GIDs (partial): pcuser Primary Group SID: TEST\Domain Users (Windows Domain group) Windows Membership: TEST\Domain Users (Windows Domain group) Service asserted identity (Windows Well known group) BUILTIN\Users (Windows Alias) User is also a member of Everyone, Authenticated Users, and Network Users Privileges (0x2088): SeTcbPrivilege

共享上的权限也不显示此用户的访问权限

::*> file-directory show -vserver svm -path /vol1/ (vserver security file-directory show) Vserver: svm File Path: /vol1/ File Inode Number: 64 Security Style: ntfs Effective Style: ntfs DOS Attributes: 10 DOS Attributes in Text: ----D--- Expanded Dos Attributes: - UNIX User Id: 0 UNIX Group Id: 0 UNIX Mode Bits: 777 UNIX Mode Bits in Text: rwxrwxrwx ACLs: NTFS Security Descriptor Control:0x9504 Owner:BUILTIN\Administrators Group:BUILTIN\Administrators DACL - ACEs ALLOW-TEST\Domain Admins-0x1f01ff-OI|CI <<<< 仅允许域管理员访问。

vserver security trace 有关用户的输出

"Access is allowed because the operation is trusted and no security is configured while opening existing file or directory. Access is granted for: <permissions>".