Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Where is the equivilant of "nosymlink_strict_security" in ONTAP 8.2?
2015-11-01
09:59 PM
2,835 Views
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We are trying to disable boundary checking for symbolic links from some shares on an Ontap 8.2 simulator. Following documentation refers to setting the "nosymlink_strict_security" option on the share using the following command:
cifs shares -change sharename - nosymlink_strict_security
https://library.netapp.com/ecmdocs/ECMP1401220/html/GUID-7F05BF61-B573-4078-A94C-FF035EC7DB57.html
https://library.netapp.com/ecm/ecm_download_file/ECMP1196993
However, when trying this command on the 8.2 simulator, the option "nosymlink_strict_security" is not available:
gserver1::vserver> cifs shares -change shareName -nosymlink_strict_security
Usage:
cifs shares [<share>]
cifs shares -add <share> <path> [ -nobrowse ] [-file_umask <mask>] [-accessbasedenum]
[ -dir_umask <mask> ] [ -comment <description> ]
cifs shares -delete <share>
cifs shares -change <share> { -browse | -nobrowse }
{ -file_umask <mask> | -nofile_umask }
{ -dir_umask <mask> | -nodir_umask }
{ -comment <description> | -nocomment }
{ -accessbasedenum | -noaccessbasedenum }
cifs shares -t
Can somebody help confirm the following:
1. Does Ontap 8.2 support the "nosymlink_strict_security" option? and if not, is there an equivalent option?
2. What is the default behavior of boundary checking for symbolic links on Ontap 8.2?
Thanks!
Regards,
Steven
2 REPLIES 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Currently not available in cDOT.
I'd suggest opening up a case and having it associated with bug 906867.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Data ONTAP 7-Mode support a feature (with CIFS share attribute 'nosymlink_strict_security') where clients can follow symbolic links to any destinations (outside the current share boundary) on this Data ONTAP 7-Mode storage system.
However, the clients can not access files outside the shares in clustered Data ONTAP because boundary checking for symbolic links is enabled by default. This behaviour cannot be changed, and symbolic links cannot be used to access files outside the shares after the transition is complete.
Thanks
If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.