Network Storage Protocols Discussions

CIFS Share Level Permissions Issue

metuckness

I just got a Clustered Netapp with 8.3.2SP2 on it and it is functioning except when I apply Windows AD security Groups to a CIFS share and remove (uncheck) the everyone access. So I go into the share and edit the permissions and set the security groups I use to restrict access (in this case it is a security group entitled LCCA-IT-NAS - RW and LCCA-IT-NAS - RO. The RW gets full control and the RO gets READ.

 

Once I set those groups and remove the everyone, I cannot access the shares.

 

Any idea what is missing? I have had a heck of a time with this since I got it and being new to Netapp the commands are not like anything I have encountered in Windows and linux.

 

Appreciate the help. Any comannds I need to run to display information to help let me know.

 

Thanks

 

 

1 ACCEPTED SOLUTION

metuckness

I figured it out. Apparently once a VSERVER is created and volumns are set then the rest of the permissions set are done at the Windows level. So I just went into the properties of the shares and removes the everyone and then added the security groups there with the proper security settings (Read, Read/Write).

View solution in original post

3 REPLIES 3

metuckness

Also, I cannot access the share even if I type the credentials of a user that is in the security group.

metuckness

I figured it out. Apparently once a VSERVER is created and volumns are set then the rest of the permissions set are done at the Windows level. So I just went into the properties of the shares and removes the everyone and then added the security groups there with the proper security settings (Read, Read/Write).

View solution in original post

Metuckness -

 

You've hit on one of the key features of CIFS on NetApp.  Once you create an SVM (vServer) you can treat it very much as a Windows file server from management point of view.  CIFS shares have the same "dual" security as does Windows - Share level access and NTFS filesystem level access semantics, which you can mix and match in the same ways as you would on a Windows server.

 

At current levels of cDot (which you have) you can also establish members of the "Local Administrators" group on the SVM so in case someone does something really bad with file permissions, you have a user that can re-take ownership and re-establish the security you want - just as you would on a Windows server.

 

To the greatest extent possible, including honoring relevant GPO settings, an SVM can be considered a "Windows" file server when using CIFS.  Once you're good with that, then the fun can really start.

 

 

 

Bob Greenwald

Senior Systems Engineer | cStor

NCIE SAN ONTAP, Data Protection

 

 

Kudos and accepted solutions are always appreciated.

 

 

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public