NetApp Community Update
This site will enter Read Only mode on July 23 as we prepare to move to a new platform. You will still be able to view content, but posting and replying will be temporarily disabled.
We're excited to launch our new Community experience on July 30 and more information will follow soon.
Stay connected during the transition - Join our Discord community today.

Network and Storage Protocols

Has the filer administrator the rights to acess the NFS qtree through the CIFS client

tatlee
4,627 Views

IHAC created a NFS qtree with security set to 'UNIX', and only create a group of users in NFS that can access this qtree. However, when this qtree is mapped to a CIFS client, the filers local administrators have the full control on it. Is this the correct behaviour?  How can we prevent the filers' admin accessing this NFS qtree?

The filer's administrator are the AD domain users.

Regards,

Terrence

4 REPLIES 4

adamfox
4,627 Views

This is probably due to the option wafl.nt_admin_priv_map_to_root being set to on (which is the default).  Setting this to off should stop this.  It's on by default because Windows Admins expect to be able to act like an admin everywhere.  But if you set this to off, the effect you are seeing should go away.

tatlee
4,627 Views

Adam,

Thanks. Will try it out.

Regards,

Terrence Lee

NetApp Global Services

NetApp

852.3605.7700 Main

852.9181.8824 Mobile Phone

[email protected]

Learn how: netapp.com/guarantee

radek_kubka
4,627 Views

This is probably due to the option wafl.nt_admin_priv_map_to_root being set to on (which is the default).

This won't help I am afraid - unless something changed since the issue has been thoroughly discussed over here:

http://communities.netapp.com/thread/4163

Regards,

Radek

tatlee
4,627 Views

Radek,

Thanks.

Regards,

Terrence Lee

NetApp Global Services

NetApp

852.3605.7700 Main

852.9181.8824 Mobile Phone

[email protected]

Learn how: netapp.com/guarantee

Public