ONTAP Discussions

access to /etc

nsitps1976
31,461 Views

Please could someone tell me how to access /etc so I can edit files. This is without an NFS / CIFS license...

Can I use the cli etc....?

18 REPLIES 18

radek_kubka
31,305 Views

Hi,

You actually don't need CIFS license to access administrative ('hidden') share:

\\<your_filer_dns_name_or_ip_address>\c$

/etc is one of subdirectories in there.

Regards,

Radek

nsitps1976
31,305 Views

Hi Radek

This is what I thought originally, however it does not seem to work "No network provider accepted the given network path" - I have checked the machine is allowed admin access.

I noticed on page 40 of the DOT 8.0 7-Mode Admin Guide that it states you need a CIFS license for this type of admin access????

Regards

radek_kubka
31,305 Views

Weird one. It used to work like that for ages, but apparently it has changed recently (at least according to the admin guide).

The only trouble I had in the past accessing c$ share without CIFS license was around access rights problems when filer is not a part of AD domain.

lhoffman1
31,305 Views

Hi there,

question,  which files you want edit ?  You could use wrfile command

regards

Lutz

nsitps1976
31,305 Views

The FAS is not joined to the domain, is it worth joining if I will not be using cifs for data storage??? - Also, despite what the guide says, do you think joining the domain will allow cifs access to /etc (without license)?

I am looking to edit snapmirror.allow, however I would like to know how to edit all files (easly) for the future.....

lhoffman1
31,305 Views

this file is small, so you wouldn't have a problem with  "wrfile", alternative you could set the "options snapmirror.access"

nsitps1976
31,305 Views

Please expand on options snapmirror.access (what is the diff?? etc).

How do I use wrfile?

Is there no other way to modify files etc?

Regards

fjohn
31,305 Views

Via PowerShell from a host running the Data ONTAP PowerShell Toolkit:

Connect-NaController DestinationFiler -Credential (Get-Credential) 

Write-NaFile /vol/vol0/etc/snapmirror.allow -AppendLine "Sourcefiler"

This will connect to the controller "DestinationFiler" via HTTPS and prompt for credentials.  After connecting it adds the controller "SourceFiler" to the snapmirror.allow file.

J


Darkstar
31,305 Views

wrfile is dangerous. you use it like this. but best test it on an emulator before!

* open ssh to the filer console (with putty for example)

* type

     rdfile /etc/rc

  or whatever file you want to edit. It will print out the current contents of the file

* copy this content to a Notepad or other text editor

* edit/change anything you want in the text

* when you're done, type

    wrfile /etc/rc

* then QUICKLY copy/paste your modified text into the SSH console

* press CTRL-C to save the file and you're done. try "rdfile" again to check your changes were correctly saved

the problem is that wrfile DELETES the file as soon as you enter the command so you must be prepared to paste in the new content

and if you forget to do CTRL-C at the end you will remain in "wrfile" mode and everything you type will end up in the file you tried to edit. Even if you logout SSH and later log in again, you will still be writing to the file, which can be quite annoying to say the least

please test on a simulator before you go productive

-Michael

nsitps1976
16,736 Views

This is great info, thanks

scottgelb
16,736 Views

I often use the mv command prior to wrfile then I have a backup (or create a snapshot too)... "priv set advanced ; mv /etc/snapmirror.conf /etc/snapmirror.conf.ccyymmdd" then exactly as written above to rdfile, copy and edit in an editor then wrfile back.  Worst case, I can mv from the ccyymmdd copy back to the original file name.

eric_barlier
16,736 Views

hi scott,

Careful my friend. MV as you know MOVES the file, it does not copy it. I ve made the mistake of using MV file before changing

a file and not have the content that was in the file prior to running MV command. That in fact created a new file that didnt

contain all info needed. It is an easy mistake to make.

the approach you suggest rather than using MV command create a snapshot of the root volume is much safer. If you have CIFS running, map the snapshot and be ready just in case. If you have not got CIFS access you can still restore using <snap restore> command.

you can also ADD to a file using wrfile ie,

wrfile -a /etc/hosts 192.168.1.2  hostname

This will add <192.168.1.2 hostname> to the end of an existing file. So long the entry is sane its a very safe approach.

Cheers,

Eric

scottgelb
16,735 Views

I have never had a problem with mv and often use it... although in the wrong hands or misused it could be an issue.  I don't like wrfile -a since the order of the file is hard to follow after.  It can always be moved back... the error sometimes though on a typo can be bad for example copying or moving rc to hosts or vice versa.  Creating a snapshot before anything always saves the day.  Or rdfile on the new filename where it was moved and wrfile back if move to the wrong place.  More of what the admin is comfortable with and prefers.

columbus_admin
14,924 Views

options snapmirror.access is the newer way to allow systems access for snapmirror pulls.  You would use it just like any other options setting for hosts.  The syntax from the man page is below:

options snapmirror.access host=systemA,systemB

ADMADDOCK
16,736 Views

I had same problem browsing both /etc$ and /c$ resolved after running CIFS setup again selecting 1) Active Directory domain authentication I could access from a server in the same domain.

The problem as I saw it was correct authentication from my Win7 box on a different domain (not even part of same forest), once using a box in same domain I wasn't even challenged and could browse both.

eric_barlier
16,735 Views

In my simulator I use a username local to the controller. if user ADM exists on the controller you should be able

to login using

local\ADM

in the authentication box. Im not 100% sure if that would work in AD mode as I always run my SIMs in workgroup mode (local file authentication). Still worth a try. If you try can you feedback here please?

Cheers,

Eric

david_cookson
14,924 Views

Hello nsitps1976

Going by the old adage of 'better late than never,' the following might help.

Run the following lines from the CLI (please be careful if this is a production box):

options sftp.enable on

options sftp.auth_style unix

options security.admin.authentication nsswitch

wrfile -a /etc/passwd sftpuser:_J9..IMv76dJgB/sqpf.:0:1::/:

wrfile -a /etc/group daemon:*:1:

Then you can use WinSCP or a similar SFTP program to log into the Filer with username=sftpuser and password=cifs*123 and have your way with the /etc folder. This does not need CIFS or NFS license.

The following blog post has more details: http://cosonok.blogspot.com/2012/01/netapp-data-ontap-81-enabling-sftp.html

Cheers

nsitps1976
14,924 Views

Very handy - thanks David...

Public