为什么添加 NTFS SACL 会替换 DACL 条目?
适用于
- ONTAP 9
- CIFS
- NTFS
- SACL
- DACL
问题解答
配置NTFS SACL 使用创建新安全描述符将添加 4 个默认NTFS DACL条目
cluster1::> vserver security file-directory ntfs show -vserver svm1 -ntfs-sd sd1
There are no entries matching your query.
cluster1::> vserver security file-directory ntfs sacl add -vserver svm1 -ntfs-sd sd1 -access-type failure -account demo\user -rights full-control -apply-to this-folder,sub-folders,files
cluster1::> vserver security file-directory ntfs dacl show -vserver svm1 -ntfs-sd sd1
Vserver: svm1
NTFS Security Descriptor Name: sd1
Account Name Access Access Apply To
Type Rights
-------------- ------- ------- -----------
BUILTIN\Administrators
allow full-control this-folder, sub-folders, files
BUILTIN\Users allow full-control this-folder, sub-folders, files
CREATOR OWNER allow full-control this-folder, sub-folders, files
NT AUTHORITY\SYSTEM
allow full-control this-folder, sub-folders, files
4 entries were displayed.
- 如果对安全描述符运行 file-directory apply,则现有的 NTFS DACL 将被上面列出的默认 DACL 覆盖
如果有人在定义更明确的 DACL 之前意外应用了安全描述符,则允许数据访问
- 在应用文件安全策略之前,请将 NTFS DACL 修改为所需的 DACL
删除这些默认 DACL 而不进行修改或替换所需 DACL 将导致数据访问丢失