使用 NFSv4 或 NTFS ACL 时 FlexGroup 的间歇性访问被拒绝
适用于
- ONTAP 9.10.1 之前的 ONTAP 版本
- Flexgroup
- NFSv4 ACL
- NTFS ACL
问题描述
- 在配置了 NFSv4_acls 或 Windows NTFS ACL 的文件/文件夹上的 Flexgroup 卷上间歇性拒绝访问。
- 一段时间后,无需干预即可恢复访问
- 安全跟踪捕获成功和失败案例表明在发生问题时 NFSv4 ACL 不存在,并且根据 UNIX 模式位确定访问:
-
Protocol: cifs
Volume: -
Share: share1
Path: /folder1/folder2/
file1
Win-User: DOMAIN\user
UNIX-User: user
Session-ID: 1122334455667788990
node-01 1 Security Style: UNIX <<< Access is denied by UNIX <<<
permissions permissions while traversing
the directory. Access is not
granted for: "Synchronize",
"Read Control", "Read
Attributes", "Execute"Protocol: cifs
Volume: -
Share: share1
Path: /folder1/folder2/
file1
Win-User: DOMAIN\user
UNIX-User: user
Session-ID: 1122334455667788990
node=01 1 Security Style: UNIX and <<<< Access is allowed because <<<
NFSv4 ACL explicit ACE grants requested
access while opening existing
file or directory. Access is
granted for: "Read Control",
"Read Attributes", "Read EA",
"Read"