跳转到主内容

为什么添加NTFS SACL会替换DACL条目?

Views:
8
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nas<a>2009年12月68日</a>
Last Updated:

适用场景

  • ONTAP 9
  • CIFS
  • NTFS
  • SACL
  • DACL

问题解答

  • 配置 NTFSSACL 并创建新的安全描述符将添加4 个默认 NTFSDACL 条目

cluster1::> vserver security file-directory ntfs show -vserver svm1 -ntfs-sd sd1
There are no entries matching your query.

cluster1::> vserver security file-directory ntfs sacl add -vserver svm1 -ntfs-sd sd1 -access-type failure -account demo\user -rights full-control -apply-to this-folder,sub-folders,files

cluster1::> vserver security file-directory ntfs dacl show -vserver svm1 -ntfs-sd sd1

Vserver: svm1
  NTFS Security Descriptor Name: sd1

    Account Name     Access   Access             Apply To
                     Type     Rights
    --------------   -------  -------            -----------
   BUILTIN\Administrators
                     allow    full-control      this-folder, sub-folders, files
    BUILTIN\Users    allow    full-control      this-folder, sub-folders, files
    CREATOR OWNER    allow    full-control      this-folder, sub-folders, files
    NT AUTHORITY\SYSTEM
                     allow    full-control      this-folder, sub-folders, files
4 entries were displayed.

  • 如果 [1] 对安全描述符运行文件目录应用、则现有NTFS DACL将被上面列出的默认ACL覆盖
    • 这样、如果在定义更显式的DACL之前有人意外应用了安全描述符、则可以访问数据
  • 在应用文件安全策略之前、请将NTFS DACL修改为所需的设置
    • 如果删除这些默认DACL而不进行修改或替换为所需的DACL、则会导致无法访问数据
 

追加信息

有关在NTFS安全描述符上添加/修改/删除DACL的更多信息
NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.