Network and Storage Protocols

Discovery of shares with everyone permissions

lowest
1,001 Views

Hi folks,

We have an extensive number of shares (over 1000 amongst many 1000s of shares) which have Everyone file permissions. Does anyone have any advice on how to identify these shares and which users are accessing the shares? Will any of the available NetApp tools provide this information?

5 REPLIES

parisi
965 Views

From cluster CLI, use this command to find all shares with "Everyone" on the share ACL:

cifs share show -acl *Everyone*

That's for share-level permissions.

For file-level permissions, there's no easy way I know of outside of scripting out icacls.

lowest
962 Views

I am aware of that but many thanks regardless. The problem I have is the shares are in the 1000s and the filers they're on are in the 100s so I need to script this somehow and get the users accessing each share so we can tie down the permissions to those users. It's a problem we've inherited.

parisi
961 Views

That command also has a REST API you could use for a script.

For example:

curl -X GET "https://clusterIP/api/protocols/cifs/shares?acls.user_or_group=*Everyone*&return_records=true&return_timeout=15" -H "accept: application/json" -H "authorization: Basic YWRtaW46bmV0YXBwMSE="

This would be a sample of some of the output:

{
  "svm": {
    "uuid": "f6cc8539-75b3-11e9-8408-00a0986b1223",
    "name": "sharename"
  },
  "name": "public",
  "acls": [
    {
      "user_or_group": "Everyone"
    }

lowest
955 Views

All good, but it doesn't address the "who is accessing the share" question.

parisi (accepted solution)
955 Views

That would be covered by "cifs session show," which also has an API.

From ONTAP CLI, this is what the command looks like:

cluster::*> cifs session show -node node1 -vserver SVM

Node:    node1
Vserver: SVM
Connection ID Session ID          Workstation      Windows User       Open Files Idle Time    Connection Count
------------- ------------------- ---------------- ------------------ ---------- ------------ ----------------
787226810     3801882510430830604 x.x.x.x          NTAP\Administrator 3          10s          1

This is the REST API:

curl -X GET "https://clustername/api/protocols/cifs/sessions?return_timeout=15&return_records=true" -H "accept: application/json" -H "authorization: Basic YWRtaW46bmV0YXBwMSE="
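
Added example (not part of the thread and not NetApp code): one way to correlate the two REST responses above in Python once they have been fetched and parsed. The session listing shown in the thread has no share column, so the join here is per SVM; the `records` wrapper and the `permission` and `user` field names are assumptions to check against your ONTAP version's API reference, and all sample data is constructed.

```python
from collections import defaultdict

# Constructed sample data, shaped like json.loads() of the two API responses.
# Assumed (not shown in the thread): the "records" wrapper, the ACL
# "permission" field, and the session field "user".
SHARES = {"records": [
    {"svm": {"name": "svm1"}, "name": "public",
     "acls": [{"user_or_group": "Everyone", "permission": "full_control"}]},
    {"svm": {"name": "svm1"}, "name": "finance",
     "acls": [{"user_or_group": "CORP\\Finance", "permission": "change"}]},
    {"svm": {"name": "svm2"}, "name": "projects",
     "acls": [{"user_or_group": "CORP\\Everyone-Contractors", "permission": "read"}]},
    {"svm": {"name": "svm2"}, "name": "scratch",
     "acls": [{"user_or_group": "everyone", "permission": "read"}]},
]}
SESSIONS = {"records": [
    {"svm": {"name": "svm1"}, "user": "CORP\\alice"},
    {"svm": {"name": "svm1"}, "user": "CORP\\bob"},
    {"svm": {"name": "svm1"}, "user": "CORP\\alice"},
]}

def everyone_shares(shares):
    """Map SVM name -> [(share, permission)] for ACL entries that name Everyone."""
    found = defaultdict(list)
    for rec in shares.get("records", []):
        for ace in rec.get("acls", []):
            # The *Everyone* wildcard also matches names that merely contain the
            # word, so compare the account part exactly, ignoring case and domain.
            account = ace.get("user_or_group", "").split("\\")[-1]
            if account.lower() == "everyone":
                found[rec["svm"]["name"]].append(
                    (rec["name"], ace.get("permission", "unknown")))
    return dict(found)

def users_by_svm(sessions):
    """Map SVM name -> set of Windows users with a current CIFS session."""
    users = defaultdict(set)
    for rec in sessions.get("records", []):
        users[rec["svm"]["name"]].add(rec.get("user", "unknown"))
    return users

def report(shares, sessions):
    """One row per Everyone share, with the users currently connected to its SVM."""
    connected = users_by_svm(sessions)
    return [{"svm": svm, "share": name, "permission": perm,
             "connected_users": sorted(connected.get(svm, ()))}
            for svm, found in sorted(everyone_shares(shares).items())
            for name, perm in sorted(found)]

if __name__ == "__main__":
    for row in report(SHARES, SESSIONS):
        print(row)
```

Sessions are a point-in-time view, so an empty `connected_users` list only means nobody was connected to that SVM when the sessions call ran.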