ONTAP Discussions

SMB ACL changes in Linux are raising more Fpolicy events than in Windows

abhit

Hi:

 

SMB ACL changes in Linux are creating more Fpolicy events than in Windows.

  1. Steps to reproduce:

An SMB share is mounted in Linux and Windows.

If a permission is changed in Linux CentOS 7.x, fpolicy sends 4 messages on giving permission to a new user in a folder.

If a permission is changed in Windows 2016 server, fpolicy sends 1 message on giving permission to a new user in a folder.

A video link has been pasted below.

 

  2. ONTAP details below:

[Image attachment: abhit_0-1588157465127.jpeg]

  3. Video of a similar operation that was tried out:

https://netapp-my.sharepoint.com/:v:/p/knieberg/Ed1C85bMTTFEs8q-MNwiGR4B-JYX459jxSCFcPkdmMCBiA?e=2TSu8V

The events below were not captured while this video was being recorded.

But a similar operation was done and the events were captured in an external Fpolicy server.

  4. See the video of the ACL change done in Linux; we get the following events:

The ones below are from a few minutes before (whatever Kai tried via the Linux client):

<?xml version="1.0" encoding="UTF-8"?>
<FscreenReq>
   <ReqId>124359556</ReqId>
   <ReqType>SMB_SET_ATTR</ReqType>
   <NotfInfo>
      <SmbSetAttrReq>
         <CommonInfo>
            <ProtCommonInfo>
               <ClientIp>10.197.144.115</ClientIp>
               <GenerationTime>1587633146015785</GenerationTime>
               <UsrIdType>MAPPED_ID</UsrIdType>
               <UsrContext>
                  <MappedId>
                     <Uid>65534</Uid>
                     <WinSid>S-1-5-21-3647202927-612482006-490203858-1616</WinSid>
                  </MappedId>
               </UsrContext>
               <FileOwner>
                  <WinSid>S-1-5-21-3647202927-612482006-490203858-1616</WinSid>
               </FileOwner>
               <AccessPath>
                  <Path>
                     <PathNameType>WIN_NAME</PathNameType>
                     <PathName>\HR\Zayyan_Maxwell.xlsx</PathName>
                  </Path>
                  <Path>
                     <PathNameType>UNIX_NAME</PathNameType>
                     <PathName>/HR/Zayyan_Maxwell.xlsx</PathName>
                  </Path>
               </AccessPath>
               <VolMsid>2147554766</VolMsid>
               <FileSize>0</FileSize>
               <NumHardLnk>1</NumHardLnk>
               <IsOfflineAttr>0</IsOfflineAttr>
               <FileType>FILE</FileType>
               <IsSparse>0</IsSparse>
               <IsDense>0</IsDense>
            </ProtCommonInfo>
            <DisplayPath>\\DMOGRPSHR02\ENG\HR\Zayyan_Maxwell.xlsx</DisplayPath>
            <ProtVer>
               <MajorNum>3</MajorNum>
               <MinorNum>1</MinorNum>
            </ProtVer>
         </CommonInfo>
         <SetAttrChangeAttr>11</SetAttrChangeAttr>
         <SetAttrNewOwner>
            <WinSid>S-1-5-21-3647202927-612482006-490203858-1616</WinSid>
         </SetAttrNewOwner>
         <SetAttrNewGroup>
            <WinSid>S-1-5-21-3647202927-612482006-490203858-513</WinSid>
         </SetAttrNewGroup>
         <SetAttrMode>0</SetAttrMode>
      </SmbSetAttrReq>
   </NotfInfo>
</FscreenReq>

<?xml version="1.0" encoding="UTF-8"?>
<FscreenReq>
   <ReqId>84748357</ReqId>
   <ReqType>SMB_SET_ATTR</ReqType>
   <NotfInfo>
      <SmbSetAttrReq>
         <CommonInfo>
            <ProtCommonInfo>
               <ClientIp>10.197.144.115</ClientIp>
               <GenerationTime>1587633120980839</GenerationTime>
               <UsrIdType>MAPPED_ID</UsrIdType>
               <UsrContext>
                  <MappedId>
                     <Uid>65534</Uid>
                     <WinSid>S-1-5-21-3647202927-612482006-490203858-1616</WinSid>
                  </MappedId>
               </UsrContext>
               <FileOwner>
                  <WinSid>S-1-5-21-3647202927-612482006-490203858-1615</WinSid>
               </FileOwner>
               <AccessPath>
                  <Path>
                     <PathNameType>WIN_NAME</PathNameType>
                     <PathName>\HR\Zayyan_Maxwell.xlsx</PathName>
                  </Path>
                  <Path>
                     <PathNameType>UNIX_NAME</PathNameType>
                     <PathName>/HR/Zayyan_Maxwell.xlsx</PathName>
                  </Path>
               </AccessPath>
               <VolMsid>2147554766</VolMsid>
               <FileSize>0</FileSize>
               <NumHardLnk>1</NumHardLnk>
               <IsOfflineAttr>0</IsOfflineAttr>
               <FileType>FILE</FileType>
               <IsSparse>0</IsSparse>
               <IsDense>0</IsDense>
            </ProtCommonInfo>
            <DisplayPath>\\DMOGRPSHR02\ENG\HR\Zayyan_Maxwell.xlsx</DisplayPath>
            <ProtVer>
               <MajorNum>3</MajorNum>
               <MinorNum>1</MinorNum>
            </ProtVer>
         </CommonInfo>
         <SetAttrChangeAttr>1</SetAttrChangeAttr>
         <SetAttrNewOwner>
            <WinSid>S-1-5-21-3647202927-612482006-490203858-1616</WinSid>
         </SetAttrNewOwner>
         <SetAttrMode>0</SetAttrMode>
      </SmbSetAttrReq>
   </NotfInfo>
</FscreenReq>

 

  5. See the video of the ACL change done in Windows; we get the following events:

<?xml version="1.0" encoding="UTF-8"?>
<FscreenReq>
   <ReqId>124468100</ReqId>
   <ReqType>SMB_SET_ATTR</ReqType>
   <NotfInfo>
      <SmbSetAttrReq>
         <CommonInfo>
            <ProtCommonInfo>
               <ClientIp>10.197.144.154</ClientIp>
               <GenerationTime>1587633548694627</GenerationTime>
               <UsrIdType>MAPPED_ID</UsrIdType>
               <UsrContext>
                  <MappedId>
                     <Uid>0</Uid>
                     <WinSid>S-1-5-21-3647202927-612482006-490203858-500</WinSid>
                  </MappedId>
               </UsrContext>
               <FileOwner>
                  <WinSid>S-1-5-21-3647202927-612482006-490203858-1616</WinSid>
               </FileOwner>
               <AccessPath>
                  <Path>
                     <PathNameType>WIN_NAME</PathNameType>
                     <PathName>\HR\Zayyan_Maxwell.xlsx</PathName>
                  </Path>
                  <Path>
                     <PathNameType>UNIX_NAME</PathNameType>
                     <PathName>/HR/Zayyan_Maxwell.xlsx</PathName>
                  </Path>
               </AccessPath>
               <VolMsid>2147554766</VolMsid>
               <FileSize>0</FileSize>
               <NumHardLnk>1</NumHardLnk>
               <IsOfflineAttr>0</IsOfflineAttr>
               <FileType>FILE</FileType>
               <IsSparse>0</IsSparse>
               <IsDense>0</IsDense>
            </ProtCommonInfo>
            <DisplayPath>\\DMOGRPSHR02\ENG\HR\Zayyan_Maxwell.xlsx</DisplayPath>
            <ProtVer>
               <MajorNum>3</MajorNum>
               <MinorNum>1</MinorNum>
            </ProtVer>
         </CommonInfo>
         <SetAttrChangeAttr>8</SetAttrChangeAttr>
         <SetAttrMode>0</SetAttrMode>
      </SmbSetAttrReq>
   </NotfInfo>
</FscreenReq>

Regards,

Abhi

+91-9845515269

 

paul_stejskal

I don't know enough about the Linux SMB client, but ONTAP will just forward each client OP to the fpolicy server. If Linux is generating 4 calls where Windows generates only one (can be confirmed with packet trace), then that would be why. Then it would take investigation to see why Linux is generating those calls.

 

Have you tried a packet trace from Windows and from Linux (can be taken from filer with tcpdump command) to see if it indeed is generating 4 vs 1 calls?

abhit

No. Have not taken a packet trace.

We can take a packet trace and see what is happening.

-Abhi
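
Added example, not part of either poster's messages and not NetApp code: a sketch of how an external FPolicy server could parse the FscreenReq notifications shown in this thread and coalesce a burst of SMB_SET_ATTR events from one client on one path into a single logical change. The 2-second window, the reading of GenerationTime as microseconds, the `_sample` helper and the sample events are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

WINDOW_USEC = 2_000_000  # assumption: GenerationTime is microseconds; 2 s burst window

def parse_stream(text):
    """Yield one dict per SMB_SET_ATTR notification in concatenated FscreenReq XML."""
    for chunk in re.split(r"<\?xml[^>]*\?>", text):
        if not chunk.strip():
            continue
        root = ET.fromstring(chunk.strip())  # feed comes from the filer; not hardened for hostile XML
        if root.findtext("ReqType") != "SMB_SET_ATTR":
            continue
        req = root.find("NotfInfo/SmbSetAttrReq")
        info = req.find("CommonInfo/ProtCommonInfo")
        unix = [p.findtext("PathName") for p in info.iter("Path")
                if p.findtext("PathNameType") == "UNIX_NAME"]
        yield {"req_id": root.findtext("ReqId"), "client": info.findtext("ClientIp"),
               "time": int(info.findtext("GenerationTime")), "path": unix[0] if unix else None,
               "change_attr": int(req.findtext("SetAttrChangeAttr"))}

def coalesce(events, window=WINDOW_USEC):
    """Merge events from one client on one path that arrive within `window` of each other."""
    groups, current = [], {}  # current: (client, path) -> group still accepting events
    for ev in sorted(events, key=lambda e: e["time"]):
        key = (ev["client"], ev["path"])
        g = current.get(key)
        if g is None or ev["time"] - g["last"] > window:
            g = {"client": key[0], "path": key[1], "req_ids": [], "change_attrs": []}
            groups.append(g)
            current[key] = g
        g["req_ids"].append(ev["req_id"])
        g["change_attrs"].append(ev["change_attr"])
        g["last"] = ev["time"]
    return groups

def _sample(req_id, client, usec, attr):  # constructed notification, trimmed to fields used
    return ('<?xml version="1.0" encoding="UTF-8"?><FscreenReq>'
            f'<ReqId>{req_id}</ReqId><ReqType>SMB_SET_ATTR</ReqType><NotfInfo><SmbSetAttrReq>'
            f'<CommonInfo><ProtCommonInfo><ClientIp>{client}</ClientIp>'
            f'<GenerationTime>{usec}</GenerationTime><AccessPath><Path>'
            '<PathNameType>UNIX_NAME</PathNameType><PathName>/HR/example.xlsx</PathName>'
            '</Path></AccessPath></ProtCommonInfo></CommonInfo>'
            f'<SetAttrChangeAttr>{attr}</SetAttrChangeAttr></SmbSetAttrReq></NotfInfo></FscreenReq>')

T0 = 1_700_000_000_000_000  # constructed timestamps and values, not taken from the thread
SAMPLE = "".join(_sample(*a) for a in [
    (1, "192.0.2.10", T0, 1), (2, "192.0.2.10", T0 + 200_000, 11),
    (3, "192.0.2.10", T0 + 400_000, 8), (4, "192.0.2.10", T0 + 900_000, 8),
    (5, "192.0.2.20", T0 + 5_000_000, 8), (6, "192.0.2.10", T0 + 30_000_000, 8)])
```

Calling `coalesce(parse_stream(SAMPLE))` returns three groups: the four-event burst from the first client, the single event from the second client, and the first client's later change that falls outside the window.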
