
Why does adding an NTFS SACL replace DACL entries?

Applies to

  • ONTAP 9
  • CIFS
  • NTFS
  • SACL
  • DACL

Answer

  • Configuring an NTFS SACL in a way that creates a new security descriptor adds 4 default NTFS DACL entries to that descriptor

cluster1::> vserver security file-directory ntfs show -vserver svm1 -ntfs-sd sd1
There are no entries matching your query.

cluster1::> vserver security file-directory ntfs sacl add -vserver svm1 -ntfs-sd sd1 -access-type failure -account demo\user -rights full-control -apply-to this-folder,sub-folders,files

cluster1::> vserver security file-directory ntfs dacl show -vserver svm1 -ntfs-sd sd1

Vserver: svm1
  NTFS Security Descriptor Name: sd1

    Account Name     Access   Access             Apply To
                     Type     Rights
    --------------   -------  -------            -----------
   BUILTIN\Administrators
                     allow    full-control      this-folder, sub-folders, files
    BUILTIN\Users    allow    full-control      this-folder, sub-folders, files
    CREATOR OWNER    allow    full-control      this-folder, sub-folders, files
    NT AUTHORITY\SYSTEM
                     allow    full-control      this-folder, sub-folders, files
4 entries were displayed.

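  • If file-directory apply is run against the security descriptor, the existing NTFS DACLs are overwritten by the default DACLs listed above

If someone accidentally applies the security descriptor before defining more explicit DACLs, data access is allowed

  • Before applying the file security policy, modify the NTFS DACLs to the desired DACLs

Removing these default DACLs without modifying them or replacing them with the desired DACLs will result in loss of data access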
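A pre-apply check for the behaviour described above, as an added example that is not part of the original article or of NetApp tooling: it parses `ntfs dacl show` output (the sample is the output printed on this page) and reports whether the descriptor still carries the four untouched default entries, has no entries at all, or has been customized. The function names and the three result labels are assumptions made for this example.

```python
import re

# The four accounts the page shows on a descriptor created implicitly by `sacl add`.
DEFAULT_ACCOUNTS = {"BUILTIN\\Administrators", "BUILTIN\\Users",
                    "CREATOR OWNER", "NT AUTHORITY\\SYSTEM"}

# Constructed sample: the `ntfs dacl show` output for sd1 as printed on this page.
SAMPLE = r"""
Vserver: svm1
  NTFS Security Descriptor Name: sd1

    Account Name     Access   Access             Apply To
                     Type     Rights
    --------------   -------  -------            -----------
   BUILTIN\Administrators
                     allow    full-control      this-folder, sub-folders, files
    BUILTIN\Users    allow    full-control      this-folder, sub-folders, files
    CREATOR OWNER    allow    full-control      this-folder, sub-folders, files
    NT AUTHORITY\SYSTEM
                     allow    full-control      this-folder, sub-folders, files
4 entries were displayed.
"""

# account (may be empty when wrapped), access type, rights, then the Apply To column
ROW = re.compile(r"^\s*(?P<acct>.*?)\s*\b(?P<type>allow|deny)\s+(?P<rights>\S+)\s+\S")

def parse_dacl(text):
    """Return (account, type, rights) tuples from `ntfs dacl show` output."""
    entries, pending, in_table = [], None, False
    for line in text.splitlines():
        if re.match(r"\s*-{3,}", line):       # dashed rule marks the start of the rows
            in_table = True
        elif in_table and line.strip():
            m = ROW.match(line)
            if m:                              # empty account column: name wrapped above
                entries.append((m["acct"] or pending, m["type"], m["rights"]))
                pending = None
            else:                              # long account name (or footer) on its own line
                pending = line.strip()
    return entries

def check_before_apply(text):
    """Classify a descriptor's DACL before `file-directory apply` is run."""
    entries = parse_dacl(text)
    if not entries:
        return "empty"               # applying would remove data access
    allow_full = {a for a, t, r in entries if (t, r) == ("allow", "full-control")}
    if len(entries) == 4 and allow_full == DEFAULT_ACCOUNTS:
        return "untouched-default"   # applying would grant BUILTIN\Users full control
    return "customized"
```

Only a `customized` result matches the article's guidance for proceeding with the apply; the other two results correspond to the two failure cases the article names.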

 

Additional Information

Details on adding, modifying, and removing DACLs on an NTFS security descriptor