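Unable to access CIFS due to a deny rule in the ACE list
Applies to
- ONTAP 9 and later
- CIFS
Issue
- Users can access the storage from Windows, but cannot access the same volume from UNIX using CIFS.
- Sectrace shows the following error: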
vserver1 5 Security Style: NTFS and Access is denied. The
NT ACL requested permissions are not
granted by the ACE while
opening existing file or
directory. Access is not
granted for: "Read
Attributes", "Read"
Protocol: cifs
Volume: -
Share: share1
Path: /vol/file
Win-User: nas\user1
UNIX-User: pcuser
Session-ID: 17159277530640102807
- The client reports a permission denied error:
root@host1 ls -la
ls: reading directory '.': Permission denied
- An ACE rule has been added as a deny entry:
::> vserver security file-directory show -vserver vserver1 -path /vol/file
Vserver: vserver1
File Path: /vol/file
File Inode Number: 57936462
Security Style: ntfs
Effective Style: ntfs
DOS Attributes: 10
DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
UNIX User Id: 0
UNIX Group Id: 1
UNIX Mode Bits: 777
UNIX Mode Bits in Text: rwxrwxrwx
ACLs: NTFS Security Descriptor
Control:0xbf14
Owner:BUILTIN\administrators
Group:AMAT\Domain Users
DACL - ACEs
ALLOW-BUILTIN\administrators-0x1f01ff-OI|CI
ALLOW-nas\user1-0x10000
ALLOW-NT AUTHORITY\SYSTEM-0x1f01ff-OI|CI
DENY-nas\user1-CHANGE-0x10000
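
The check below is an added example, not NetApp's code: it parses the `DACL - ACEs` lines from the `vserver security file-directory show` output above and reports, for each trustee that has a DENY ACE, the mask bits that an ALLOW ACE for the same trustee also carries. The line layout assumed by the regex and the names `parse_aces` and `deny_conflicts` are assumptions; group membership is not resolved.

```python
import re
from collections import defaultdict

# Constructed sample: the DACL lines from the output above, pasted as text.
SAMPLE_DACL = r"""
DACL - ACEs
ALLOW-BUILTIN\administrators-0x1f01ff-OI|CI
ALLOW-nas\user1-0x10000
ALLOW-NT AUTHORITY\SYSTEM-0x1f01ff-OI|CI
DENY-nas\user1-CHANGE-0x10000
"""

# Assumed layout: TYPE-trustee[-RIGHTS]-0xMASK[-FLAGS]. The trustee may contain
# hyphens (a SID, for example); a trustee ending in "-UPPERCASE" is ambiguous.
ACE_RE = re.compile(
    r"^(?P<type>ALLOW|DENY)-(?P<trustee>.+?)"
    r"(?:-(?P<rights>[A-Z_]+))?-(?P<mask>0x[0-9a-fA-F]+)(?:-(?P<flags>\S+))?$"
)

def parse_aces(text):
    """Return the ACEs in DACL order as dicts; non-ACE lines are ignored."""
    aces = []
    for line in text.splitlines():
        m = ACE_RE.match(line.strip())
        if m:
            ace = m.groupdict()
            ace["mask"] = int(ace["mask"], 16)
            ace["flags"] = ace["flags"].split("|") if ace["flags"] else []
            aces.append(ace)
    return aces

def deny_conflicts(aces, win_user=None):
    """Per trustee with a DENY ACE: denied mask, allowed mask, bits in both."""
    allow, deny = defaultdict(int), defaultdict(int)
    for ace in aces:
        key = ace["trustee"].lower()  # Windows account names are case-insensitive
        (deny if ace["type"] == "DENY" else allow)[key] |= ace["mask"]
    report = {}
    for trustee, denied in deny.items():
        if win_user and trustee != win_user.lower():
            continue
        report[trustee] = {"deny": denied, "allow": allow[trustee],
                           "overlap": denied & allow[trustee]}
    return report

if __name__ == "__main__":
    # Win-User taken from the sectrace record above.
    for trustee, r in deny_conflicts(parse_aces(SAMPLE_DACL), r"nas\user1").items():
        print(f"{trustee}: deny={r['deny']:#x} allow={r['allow']:#x} overlap={r['overlap']:#x}")
```
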