Network and Storage Protocols

CIFS and Folder Traversal

madler
4,600 Views

Hi All,

 

We are running NetApp Release 8.1.4P7 7-Mode.

I am attempting to set up a share where the root folder will have the following permissions:

Domain Users - Read & execute, List folder contents, Read - This folder only

Domain Admins - Full Control

 

The idea being that users would only be able to see the subfolders that they have permissions to.

I have set this up on a regular server and it works fine.

When I try to do this on a CIFS volume, I can see every subfolder regardless of permissions.

I've tried setting up the above on a subfolder with inheritance explicitly disabled and still no joy.

 

My theory is that there is some sort of background permissions on the volume that could be overriding the NTFS permissions.

I've seen a couple of websites making reference to it but it appears to be aimed for clustered environments.

Any ideas how and where I could check this?

1 ACCEPTED SOLUTION

aborzenkov
4,543 Views
You probably want to enable access based enumeration for this share;

Enable ABE
cifs shares -change sharename -accessbasedenum

View solution in original post

4 REPLIES 4

aborzenkov
4,544 Views
You probably want to enable access based enumeration for this share;

Enable ABE
cifs shares -change sharename -accessbasedenum

madler
4,473 Views

That got it, thanks.

scottgelb
4,464 Views

I remember also setting in addition to the per cifs share...

 

options cifs.enable_share_browsing off    

nasmanrox
3,776 Views

I believe this is global setting and once it is set to "off" it will overide setting for cifs share -nobrowse option 

Public