Solved: CIFS File Permissions in the ~snapshot directory

DARRELLTROBINSON · ‎2012-03-16

I have taken over sys.admin in my department, which includes taking over Netapps and I have found a virus in the ~snapshot directory found on the netapp box.

On a windows machine, i connect to the netapps via windows explorer using the IP address \ <share name>

10.10.10.10\MyShare

In the share, there is a folder ~snapshot, and a file myLun.lun

Traversing the ~snapshot directory, I go into a subfolder sep1011 and I find 2 files, myLun.lun and virus.avi

The owner of this file is a machine from another domain (<domain>\<computer name>$)

I attempted to remove virus.avi, but I get access denied. I tried to change the owner to myself, but I still get access denied.

I created a user locally on the netapps box and added the user to the Administrator group. I then connected to the share, 10.10.10.10\MyShare using these credentials via windows explorer, but I still can not change the ownership of the file, virus.avi.

Looking at the permissions, EVERYONE has FULL access to this file.

Is there a way to get to the directory through the console?

Thx.

D.

rmharwood · ‎2012-03-16

So, you have a snapshot named "sep1011" with those files inside.

View solution in original post

rmharwood · ‎2012-03-16

Contents of snapshots are always read-only. If you don't want those files in there, the only option you have is to delete the snapshot that they're in. You will also be removing access to any other files in the snapshot, unless you copy them somewhere else first.

Richard

DARRELLTROBINSON · ‎2012-03-16

The files don't exist in the snapshot. The file exists in the snapshot directory.

rmharwood · ‎2012-03-16

Folders beneath the ~snapshot folder are the different snapshots on the volume containing the CIFS share. Perhaps you have a snapshot named "sep1011". The ~snapshot folder does not contain anything other than snapshots.

DARRELLTROBINSON · ‎2012-03-16

I understand that it's not supposed to have anything but the snapshot, but what I'm telling you is that there are 2 shortcuts that exist in there along with the LUN. Check the pic.

rmharwood · ‎2012-03-16

So, you have a snapshot named "sep1011" with those files inside.

DARRELLTROBINSON · ‎2012-03-16

oh god.....i'm an idiot.

I'm thinking that the LUN is the only thing that exists in a snapshot.

thanks for your replies and patience!!

rmharwood · ‎2012-03-16

Well, it's not common practice to have a LUN in the same location as other (NAS) files.

DARRELLTROBINSON · ‎2012-03-16

that's the only file that exists in the parent directory right now. Even if you try to add a file to the directory it says that it's full, so how those two shortcuts got placed in the directory is a mystery.

brauntvr2swiss · ‎2012-03-16

Hi Darrell

You cannot delete any Files in the snapshots, because snapshots are readonly. You can delete the File in the active Filesystem. In the snapshot you have to wait till the the retention is over (the System delete the snapshot)

or you can manually delete the snapshots, where the virus.avi is in...

Greetz

Thomas

DARRELLTROBINSON · ‎2012-03-16

The files don't exist in the snapshot. The file exists in the snapshot directory.

brauntvr2swiss · ‎2012-03-16

The Answer from Richard is correct.You have to delete the snapshot sep1011 --> e.g. filer>snap delete <Volumename> sep1011 or with OnCommand System Manager...

DARRELLTROBINSON · ‎2012-03-16

Yeh...when he replied back to my picture....it hit me....

I've knew snapshots were read-only.....applying that knowledge to an physical snapshot was a whole new world for me!!

I appreciate yalls help!!