2017-08-17 03:09 AM
As I understand that this property was DEPRECATED, but I still trying to find any information about which security check this CIFS superuser option allows to bypass?
Solved! SEE THE SOLUTION
2017-08-17 10:12 PM
In order to answer your question most accurately, can you provide a reference in our documentation to the exact functionality you are asking about?
2017-08-19 06:41 AM
I'm not sure about exact functionality. In this link, there is a description of how to give a user cifs superuser privileges.
I'm trying to find what are privileges this all about?
a month ago
As of ONTAP 9.4 the "vserver cifs superuser" commands are deprecated - the preferred method is to add a user to the AD Domain Admins group.
The user avoids checks on files and directory access.
Data ONTAP allows read, write, or modify access to any file regardless of existing locks. If the FPolicy server takes byte range locks on the file, it results in immediate removal of existing locks on the file.
Access does not generate any FPolicy notifications.
a week ago
By any chance, are you know and can refer me to the documentation that states, from which version this CIFS superuser property is not supported anymore?
a week ago
We have marked it as deprecated in our current release of ONTAP - to ensure ongoing compatibility, new functionality should not be based around it.
Thank you a lot for your help and time. :-)
Ok, but by any chance, you remember since which cmod version it was deprecated?
(Is it 8.3 or starting from 9.0, I do remember it was available at 8.2, probably 8.3 but I may wrong.)
And another question hopes you will able to answer or direct me to the relevant article...
In case I comparing the local Administrators group on CIFS server defined on vserver and the superuser privileges.
What is the difference between the two? (if you have a table comparison will be good if not see example)
I'm interested in File System permission perspective.
1. I have UserA that member in the local Administrators group.
2. I have UserB that not a member of any local group but has superuser assignment.
3. I have a folder which has not direct permission or ownership for any of that users.
4. I would like to change the ACLs acting as one of those users at a time.
What will I need to do?
1. In case UserA is it, I will need first to make my self an owner and then change the permissions otherwise will get access denied?
2. In the case of UserB, the change permission will take effect without any prior action?
I've posed your questions to our expert over at https://community.netapp.com/t5/Network-Storage-Protocols-Discussions/Authentication-amp-Authorization-in-CIFS-Ask-The-Expert-7-16-to-7-30/m-p/141484/ - I'll keep an eye on their answer