Subscribe

Has the filer administrator the rights to acess the NFS qtree through the CIFS client

IHAC created a NFS qtree with security set to 'UNIX', and only create a group of users in NFS that can access this qtree. However, when this qtree is mapped to a CIFS client, the filers local administrators have the full control on it. Is this the correct behaviour?  How can we prevent the filers' admin accessing this NFS qtree?

The filer's administrator are the AD domain users.

Regards,

Terrence

Re: Has the filer administrator the rights to acess the NFS qtree through the CIFS client

This is probably due to the option wafl.nt_admin_priv_map_to_root being set to on (which is the default).  Setting this to off should stop this.  It's on by default because Windows Admins expect to be able to act like an admin everywhere.  But if you set this to off, the effect you are seeing should go away.

Re: Has the filer administrator the rights to acess the NFS qtree through the CIFS client

Adam,

Thanks. Will try it out.

Regards,

Terrence Lee

NetApp Global Services

NetApp

852.3605.7700 Main

852.9181.8824 Mobile Phone

terrence.lee@netapp.com

Learn how: netapp.com/guarantee

Re: Has the filer administrator the rights to acess the NFS qtree through the CIFS client

This is probably due to the option wafl.nt_admin_priv_map_to_root being set to on (which is the default).

This won't help I am afraid - unless something changed since the issue has been thoroughly discussed over here:

http://communities.netapp.com/thread/4163

Regards,

Radek

Re: Has the filer administrator the rights to acess the NFS qtree through the CIFS client

Radek,

Thanks.

Regards,

Terrence Lee

NetApp Global Services

NetApp

852.3605.7700 Main

852.9181.8824 Mobile Phone

terrence.lee@netapp.com

Learn how: netapp.com/guarantee