Network and Storage Protocols

Bypass NTFS ACL on a CIFS-share to take file-level backups

mss
5,342 Views

Hi!

I'm trying to access our filer in a way that gives me full access to a NTFS-mounted CIFS-share to take a normal file level backup through \\filer\volume

We have a qtree, e.g /vol/files, with NTFS-style permissions and a CIFS share mounted on the qtree (\\filer\files). We want to backup this CIFS share from a dedicated machine, with something similar to root-privileges in Unix.

Is there a way to map a Domain User to a local filer super-user to make this happen? I'm not very familiar with WAFL and user administration on the filer, and how the different types of users are connected to e.g CIFS access.

After several hours of googling I've discovered that there is a Backup Operators group on the filer, but this only applies to NDMP?

I've tried mapping the backup user to root and Administrator in /etc/usermap.cfg, but still no luck. cifs.trace_login is enabled, and I can see the user logging in and getting mapped to root/Administrator/whatever I tell it to in the usermap file.

Is this even possible?

3 REPLIES 3

BrendonHiggins
5,342 Views

Hi

Welcome to the community.

Please take a step back and describe how you are trying to backup?  A windows server via a \\filer\root volume path...

We use HP Data Protector and CommVault with the NDMP plug in to backup the data from the filer to tape.  This works great and is very fast.

However if you want to pull the data over the network via a share you need to create a CIFS share of the volume and then ensure the windows NTFS security on each file and folder has the correct permissions.  Manage via a windows host and the MMC pointed at your filer but can use NetApp cli if you want.  You may need to take ownership of the NTFS permissions 1st, via the domain admin account.  This is all very messy and does not scale well, so recommend you pay the cash for the NDMP plug in for your backup app.

Hope this helps

Bren

adamfox
5,342 Views

If you are backing up over CIFS, the local "Backup Operators" group should work.  So you'd put the user that is doing the backup into that local group and you should get what you want.

But like was stated, this assumes you are doing backups over CIFS.  NDMP doesn't worry about this kind of stuff.

mss
5,342 Views

Thanks guys!

I ended up upgrading our backup software so NDMP would work, file level backups over CIFS is too much hassle

-Halvor

Public