ONTAP Discussions

Where is the equivilant of "nosymlink_strict_security" in ONTAP 8.2?

stevenfu

We are trying to disable boundary checking for symbolic links from some shares on an Ontap 8.2 simulator. Following documentation refers to setting the "nosymlink_strict_security" option on the share using the following command:

 

 

cifs shares -change sharename - nosymlink_strict_security

 

 

https://library.netapp.com/ecmdocs/ECMP1401220/html/GUID-7F05BF61-B573-4078-A94C-FF035EC7DB57.html

https://library.netapp.com/ecm/ecm_download_file/ECMP1196993 

However, when trying this command on the 8.2 simulator, the option "nosymlink_strict_security" is not available:

gserver1::vserver> cifs shares -change shareName  -nosymlink_strict_security

  Usage:                                                                                  

  cifs shares [<share>]                                                                   

  cifs shares  -add <share> <path> [ -nobrowse ] [-file_umask <mask>] [-accessbasedenum]  

  [ -dir_umask <mask> ] [ -comment <description> ]                                      

  cifs shares  -delete <share>                                                            

  cifs shares  -change <share> { -browse | -nobrowse }                                    

  { -file_umask <mask> | -nofile_umask }                                                

  { -dir_umask <mask> | -nodir_umask }                                                  

  { -comment <description> | -nocomment }                                               

  { -accessbasedenum | -noaccessbasedenum }                                            

   cifs shares -t                                           

 

Can somebody help confirm the following:

1. Does Ontap 8.2 support the "nosymlink_strict_security" option? and if not, is there an equivalent option?

2. What is the default behavior of boundary checking for symbolic links on Ontap 8.2?

 

Thanks!

 

Regards,

Steven

2 REPLIES 2

hariprak

Hi,

 

Data ONTAP 7-Mode support a feature (with CIFS share attribute 'nosymlink_strict_security') where clients can follow symbolic links to any destinations (outside the current share boundary) on this Data ONTAP 7-Mode storage system.

 

However, the clients can not access files outside the shares in clustered Data ONTAP because boundary checking for symbolic links is enabled by default. This behaviour cannot be changed, and symbolic links cannot be used to access files outside the shares after the transition is complete.

 

 

Thanks

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

parisi

Currently not available in cDOT.

 

I'd suggest opening up a case and having it associated with bug 906867.

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public