Network and Storage Protocols

CIFS and Folder Traversal

madler

Hi All,

 

We are running NetApp Release 8.1.4P7 7-Mode.

I am attempting to set up a share where the root folder will have the following permissions:

Domain Users - Read & execute, List folder contents, Read - This folder only

Domain Admins - Full Control

 

The idea being that users would only be able to see the subfolders that they have permissions to.

I have set this up on a regular server and it works fine.

When I try to do this on a CIFS volume, I can see every subfolder regardless of permissions.

I've tried setting up the above on a subfolder with inheritance explicitly disabled and still no joy.

 

My theory is that there is some sort of background permissions on the volume that could be overriding the NTFS permissions.

I've seen a couple of websites making reference to it but it appears to be aimed for clustered environments.

Any ideas how and where I could check this?

1 ACCEPTED SOLUTION

aborzenkov
You probably want to enable access based enumeration for this share;

Enable ABE
cifs shares -change sharename -accessbasedenum

View solution in original post

4 REPLIES 4

aborzenkov
You probably want to enable access based enumeration for this share;

Enable ABE
cifs shares -change sharename -accessbasedenum

View solution in original post

madler

That got it, thanks.

scottgelb

I remember also setting in addition to the per cifs share...

 

options cifs.enable_share_browsing off    

nasmanrox

I believe this is global setting and once it is set to "off" it will overide setting for cifs share -nobrowse option 

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public