ONTAP Hardware

Lost Access to a Shared Folder

sbmmiller

We have AFF220. There is an SVM with a few CIFS share volumes in it. One volume is called USERS and shared as USERS$. We were able to access the share ok, copy / delete data etc. Suddenly the share became access denied. I see the volume in NetApp, the share permissions are ok. I can actually browse the share via our backup software so it's like someone removed the NTFS permissions that gave us access to it. There is not a root folder. How can I view the NTFS permissions on the users$ folder and change them if the folder is hidden?

I reverted a snapshot and this restored the access to the folder. However the question remains how would I view the folder if I lost access? Also, the only way I seem to be able to check the NTFS permissions is to pin the path \\svm\users$ to Windows Explorer. From there right click and check permissions. This doesn't seem right.

1 ACCEPTED SOLUTION

Mjizzini

You can always use the NetApp command line to check NTFS permissions on files or folders.

::> vserver security file-directory show

https://docs.netapp.com/ontap-9/topic/com.netapp.doc.dot-cm-cmpr-910/vserver__security__file-directory__show.html
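To audit the output of the `vserver security file-directory show` command from the accepted answer without going through Windows Explorer, the following Python script (an added example, not part of the thread or of NetApp's tooling) parses the owner and DACL entries and reports admin accounts that are denied or lack full control. The sample output is constructed and abridged, and the SVM, path and account names are assumptions.

```python
import re

FULL_CONTROL = 0x1F01FF  # Windows FILE_ALL_ACCESS access mask

# Constructed, abridged sample in the layout of
# `vserver security file-directory show`; all names are made up.
SAMPLE = r"""
                Vserver: svm1
              File Path: /USERS
         Security Style: ntfs
                   ACLs: NTFS Security Descriptor
                         Control:0x8004
                         Owner:EXAMPLE\jdoe
                         Group:EXAMPLE\Domain Users
                         DACL - ACEs
                           ALLOW-EXAMPLE\jdoe-0x1f01ff-OI|CI
                           ALLOW-EXAMPLE\Domain Users-0x1200a9-OI|CI
                           DENY-EXAMPLE\Storage-Admins-0x1f01ff-OI|CI
"""

# TYPE-account-mask[-flags]; the account itself may contain hyphens.
ACE = re.compile(r"^(ALLOW|DENY)-(.+)-(0x[0-9a-fA-F]+)(?:-(\S+))?$")

def parse_acl(text):
    """Return (owner, [(type, account, mask, flags), ...])."""
    owner, aces = None, []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Owner:"):
            owner = line[len("Owner:"):]
        m = ACE.match(line)
        if m:
            aces.append((m[1], m[2], int(m[3], 16), m[4] or ""))
    return owner, aces

def lockout_findings(text, admin_accounts):
    """List reasons the given admin accounts could be locked out of the path."""
    owner, aces = parse_acl(text)
    wanted = {a.lower() for a in admin_accounts}
    findings = []
    for acct in admin_accounts:
        mine = [a for a in aces if a[1].lower() == acct.lower()]
        if any(a[0] == "DENY" for a in mine):
            findings.append(f"{acct}: explicit DENY ACE")
        elif not any(a[0] == "ALLOW" and a[2] & FULL_CONTROL == FULL_CONTROL
                     for a in mine):
            findings.append(f"{acct}: no full-control ALLOW ACE")
    if owner and owner.lower() not in wanted:
        findings.append(f"owner is {owner}")
    return findings
```

The NTFS DACL parsed here is evaluated separately from the share-level ACL, so a share that still shows correct share permissions can return access denied because of these entries.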

paul_stejskal

It probably is offbox. I would open a case. For some reason reading your description my first thought was ransomware. It doesn’t make sense since you can still access data but you might make a clone of the volumes or ensure you retain snapshots on your secondary SnapMirror location. It doesn’t match what we have seen ransomware do but I had a feeling reading what you said. At the very least you’ll have a backup. 

Since it involves looking at logs, I would just open a case. If it is like a home directory, request a P1 since that would be an outage.

paul_stejskal

Sorry I should clarify, if this is a lost access situation and you can’t get it to where users can access their data. 

sbmmiller

It's not ransomware. You have a volume and you have a share. You create a folder in that share and it inherits the root permissions. The question is, if you lost access to the root, how would you for example take ownership back?

If the share = \\SVM\Users$ and you access this share, create folders here, they inherit permissions from user$. The only way I know how to change the NTFS permissions on the Users$ is to pin the folder in Explorer, then I can right click it and modify the permissions. But let's say someone went in and removed my NTFS access from users$, the folder would disappear and I would not be able to even see the folder. If I try to go to \\SVM\Users$, I would get access denied. The share permissions are still intact and visible on NetApp, but the NTFS permissions are now wrong and I'm locked out. So how can you view / take ownership back of the Users$ root folder?

paul_stejskal

I agree. I just had a feeling...IDK why.

sbmmiller

Ok I understand now, you can view / change the permissions via SSH command line.  Found it under the CIFS 

 

Example

cifs share access-control modify -share USERS$ -user-or-group MYGROUP -user-group-type windows -permission Full_Control
