ONTAP Discussions

Where is the equivilant of "nosymlink_strict_security" in ONTAP 8.2?

stevenfu
2,325 Views

We are trying to disable boundary checking for symbolic links from some shares on an Ontap 8.2 simulator. Following documentation refers to setting the "nosymlink_strict_security" option on the share using the following command:

 

 

cifs shares -change sharename - nosymlink_strict_security

 

 

https://library.netapp.com/ecmdocs/ECMP1401220/html/GUID-7F05BF61-B573-4078-A94C-FF035EC7DB57.html

https://library.netapp.com/ecm/ecm_download_file/ECMP1196993 

However, when trying this command on the 8.2 simulator, the option "nosymlink_strict_security" is not available:

gserver1::vserver> cifs shares -change shareName  -nosymlink_strict_security

  Usage:                                                                                  

  cifs shares [<share>]                                                                   

  cifs shares  -add <share> <path> [ -nobrowse ] [-file_umask <mask>] [-accessbasedenum]  

  [ -dir_umask <mask> ] [ -comment <description> ]                                      

  cifs shares  -delete <share>                                                            

  cifs shares  -change <share> { -browse | -nobrowse }                                    

  { -file_umask <mask> | -nofile_umask }                                                

  { -dir_umask <mask> | -nodir_umask }                                                  

  { -comment <description> | -nocomment }                                               

  { -accessbasedenum | -noaccessbasedenum }                                            

   cifs shares -t                                           

 

Can somebody help confirm the following:

1. Does Ontap 8.2 support the "nosymlink_strict_security" option? and if not, is there an equivalent option?

2. What is the default behavior of boundary checking for symbolic links on Ontap 8.2?

 

Thanks!

 

Regards,

Steven

2 REPLIES 2

parisi
2,307 Views

Currently not available in cDOT.

 

I'd suggest opening up a case and having it associated with bug 906867.

hariprak
2,279 Views

Hi,

 

Data ONTAP 7-Mode support a feature (with CIFS share attribute 'nosymlink_strict_security') where clients can follow symbolic links to any destinations (outside the current share boundary) on this Data ONTAP 7-Mode storage system.

 

However, the clients can not access files outside the shares in clustered Data ONTAP because boundary checking for symbolic links is enabled by default. This behaviour cannot be changed, and symbolic links cannot be used to access files outside the shares after the transition is complete.

 

 

Thanks

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
Public