Network and Storage Protocols

Discovery of shares with everyone permissions

lowest
3,259 Views

Hi folks,

We have an extensive number of shares (over 1000 amongst many 1000s of shares) which have everyone file permissions, does anyone have any advice on how to identify these shares and which users are accessing the shares? Will any of the available NetApp tools provide this information?

1 ACCEPTED SOLUTION

parisi
3,212 Views

That would be covered by "cifs session show," which also has an API.

 

From ONTAP CLI, this is what the command looks like:

 

cluster::*> cifs session show -node node1 -vserver SVM

Node: node1
Vserver: SVM
Connection ID Session ID Workstation Windows User Open Files Idle Time Connection Count
------------- ------------------- ---------------- ------------------ --------- ------------ -----------------
787226810 3801882510430830604 x.x.x.x  NTAP\Administrator 3 10s 1

 

This is the REST API:

 

curl -X GET "https://clustername/api/protocols/cifs/sessions?return_timeout=15&return_records=true" -H "accept: application/json" -H "authorization: Basic YWRtaW46bmV0YXBwMSE="

View solution in original post

5 REPLIES 5

parisi
3,223 Views

From cluster CLI, use this command to find all shares with "Everyone" on the share ACL:

 

cifs share show -acl *Everyone*

 

That's for share-level permissions.

 

For file-level permissions, there's no easy way I know of outside of scripting out icacls.

lowest
3,220 Views

I am aware of that but many thanks regardless. The problem I have is the shares are in the 1000s and the filers they're on are in the 100s so I need to script this somehow and get the users accessing each share so we can tie down the permissions to those users. It's a problem we've inherited.

parisi
3,219 Views

That command also has a REST API you could use for a script.

 

For example:

 

curl -X GET "https://clusterIP/api/protocols/cifs/shares?acls.user_or_group=*Everyone*&return_records=true&return_timeout=15" -H "accept: application/json" -H "authorization: Basic YWRtaW46bmV0YXBwMSE="

 

This would be a sample of some of the output:

{
"svm": {
"uuid": "f6cc8539-75b3-11e9-8408-00a0986b1223",
"name": "sharename"
},
"name": "public",
"acls": [
{
"user_or_group": "Everyone"
}

lowest
3,213 Views

All good but doesn't address the who is accessing the share question.

parisi
3,213 Views

That would be covered by "cifs session show," which also has an API.

 

From ONTAP CLI, this is what the command looks like:

 

cluster::*> cifs session show -node node1 -vserver SVM

Node: node1
Vserver: SVM
Connection ID Session ID Workstation Windows User Open Files Idle Time Connection Count
------------- ------------------- ---------------- ------------------ --------- ------------ -----------------
787226810 3801882510430830604 x.x.x.x  NTAP\Administrator 3 10s 1

 

This is the REST API:

 

curl -X GET "https://clustername/api/protocols/cifs/sessions?return_timeout=15&return_records=true" -H "accept: application/json" -H "authorization: Basic YWRtaW46bmV0YXBwMSE="

Public