Network and Storage Protocols

we want to allow about cifs access-controll command for Domain\Admins group by script

shinichiro_s
1,259 Views

hello,

 

We want to change Windows ACL about CIFS share.

Our environment use WEB cgi for netapp volume create,cifs create,cifs access-controll create...etc.

 

Linux script could work.

 

now we could allow these command.

 

ssh cluster1 admin@192.168.0.101 

cifs share access-control create -share wk_volume -vserver svm01 -user-or-group "demo\Domain Admins" -permission full_Control

 

 

But we could not allow becase "doemo\Domain Admins" (maybe "\"mark is problem) 

 

How can we allow "\"?

We shuld append what mark ? ( backslash,sigle quote,chiruda....\ ' ^ ?)

we know this issue not netapp issue. this is general question. 

 

Regards,

1 ACCEPTED SOLUTION

shinichiro_s
1,113 Views

Hello,

 

We find out answer by myself.

We use single quotation then pass this command.

 

 

centos1 log paste.

----------

[nasmation@centos1 ~]$ cat send_nas_status.sh
#!/bin/bash

#ssh -l nasmation 192.168.0.101 df
ssh -l nasmation 192.168.0.101 share access-control create -share wk_volume -vserver svm01 -user-or-group '"demo\Domain Admins"' -permission full_Control

[nasmation@centos1 ~]$

[nasmation@centos1 ~]$  ./send_nas_status.sh

Last login time: 10/2/2023 08:44:19
(vserver cifs share access-control create)

[nasmation@centos1 ~]$

 

 

 

 

cluster1  log paste.

---------------------------

cluster1::> cifs share show -vserver svm01
Vserver Share Path Properties Comment ACL
-------------- ------------- ----------------- ---------- -------- -----------
svm01 c$ / oplocks - BUILTIN\Administrators / Full Control
browsable
changenotify
show-previous-versions
svm01 ipc$ / browsable - -
svm01 wk_volume /wk_volume oplocks - demo\Domain Admins / Full Control
browsable
access-based-enumeration
show-previous-versions
3 entries were displayed.

cluster1::>

 

Thank you for everythig.

 

Best Regards,

View solution in original post

3 REPLIES 3

Ontapforrum
1,196 Views

I am not sure if I understood the query correctly.  If you simply copy paste the following command to the netapp CLI it will work.

cifs share access-control create -share wk_volume -vserver svm01 -user-or-group "demo\Domain Admins" -permission full_Control

 

You mentioned - We could not allow becase "doemo\Domain Admins" (maybe "\"mark is problem) .  Can you tell us where exactly you are getting error, while running that command.

shinichiro_s
1,133 Views

Thank you for your reply.

 

We create script.

-------------------------

#!/bin/bash

#ssh -l admin2 192.168.0.101 df
ssh -l admin2 192.168.0.101 share access-control create -share wk_volume -vserver svm01 -user-or-group "demo\Domain Admins" -permission full_Control

-------------------------

 

 

We executed this script.

-------------------------

[admin2@centos1 ~]$ ./send_nas_status.sh

Last login time: 9/29/2023 08:56:53
(vserver cifs share access-control create)

Error: "Admins" is an invalid value for field "-permission <access rights>"
Valid choices in this command's context: No_access, Read, Change,
Full_Control

[admin2@centos1 ~]$

 

 

We think about

-------------------------

"Domain\Admins" is surrounded by double quotes.
However, the backslash inside double quotes is not used in its original meaning.
I wish there was a better way to specify the group name when sending ssh commands from an external host to NetApp. If there is a workaround, please let me know.

 

Regards,

shinichiro_s
1,114 Views

Hello,

 

We find out answer by myself.

We use single quotation then pass this command.

 

 

centos1 log paste.

----------

[nasmation@centos1 ~]$ cat send_nas_status.sh
#!/bin/bash

#ssh -l nasmation 192.168.0.101 df
ssh -l nasmation 192.168.0.101 share access-control create -share wk_volume -vserver svm01 -user-or-group '"demo\Domain Admins"' -permission full_Control

[nasmation@centos1 ~]$

[nasmation@centos1 ~]$  ./send_nas_status.sh

Last login time: 10/2/2023 08:44:19
(vserver cifs share access-control create)

[nasmation@centos1 ~]$

 

 

 

 

cluster1  log paste.

---------------------------

cluster1::> cifs share show -vserver svm01
Vserver Share Path Properties Comment ACL
-------------- ------------- ----------------- ---------- -------- -----------
svm01 c$ / oplocks - BUILTIN\Administrators / Full Control
browsable
changenotify
show-previous-versions
svm01 ipc$ / browsable - -
svm01 wk_volume /wk_volume oplocks - demo\Domain Admins / Full Control
browsable
access-based-enumeration
show-previous-versions
3 entries were displayed.

cluster1::>

 

Thank you for everythig.

 

Best Regards,

Public