Solved: Re: CIFS and Folder Traversal

madler · ‎2015-08-05

Hi All,

We are running NetApp Release 8.1.4P7 7-Mode.

I am attempting to set up a share where the root folder will have the following permissions:

Domain Users - Read & execute, List folder contents, Read - This folder only

Domain Admins - Full Control

The idea being that users would only be able to see the subfolders that they have permissions to.

I have set this up on a regular server and it works fine.

When I try to do this on a CIFS volume, I can see every subfolder regardless of permissions.

I've tried setting up the above on a subfolder with inheritance explicitly disabled and still no joy.

My theory is that there is some sort of background permissions on the volume that could be overriding the NTFS permissions.

I've seen a couple of websites making reference to it but it appears to be aimed for clustered environments.

Any ideas how and where I could check this?

aborzenkov · ‎2015-08-05

You probably want to enable access based enumeration for this share;

Enable ABE
cifs shares -change sharename -accessbasedenum

aborzenkov · ‎2015-08-05

You probably want to enable access based enumeration for this share;

Enable ABE
cifs shares -change sharename -accessbasedenum

madler · ‎2015-08-06

That got it, thanks.

scottgelb · ‎2015-08-06

I remember also setting in addition to the per cifs share...

options cifs.enable_share_browsing off

nasmanrox · ‎2016-07-14

I believe this is global setting and once it is set to "off" it will overide setting for cifs share -nobrowse option