Skip to main content
NetApp Response to Russia-Ukraine Cyber Threat
In response to the recent rise in cyber threat due to the Russian-Ukraine crisis, NetApp is actively monitoring the global security intelligence and updating our cybersecurity measures. We follow U.S. Federal Government guidance and remain on high alert. Customers are encouraged to monitor the Cybersecurity and Infrastructure Security (CISA) website for new information as it develops and remain on high alert.
NetApp Knowledge Base

After creating a file on Windows, why the owner is root and the group is bin on Linux?

Views:
498
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
cifs
Last Updated:

Applies to

  • ONTAP 9
  • CIFS
  • NFS

Answer

If the advanced CIFS server option "Map Administrators to UNIX User 'root'" (-is-admin-users-mapped-to-root-enabled) is set to true, Windows users who are members of the "BUILTIN\Administrators" group are mapped to UNIX user "root" unless they are explicitly mapped to a UNIX user.

In ONTAP, the default local UNIX user "root" on each SVM has an User ID (UID) of 0 and a primary Group ID (GID) of 1, which has the local UNIX group "daemon".  With this configuration, files created by Windows users mapped to UNIX user "root" will show as owned by UNIX user "root" (UID 0) and group "daemon" (GID 1).

For the files created by Windows users mapped to UNIX user "root", NFS clients may resolve Group ID (GID) 1 to UNIX group "bin" based on their local configuration (i.e. the "/etc/group" file or LDAP).

Additional Information

  • Map the administrators group to root
  • vserver cifs options modify
  • If a Windows user is a member of the "BUILTIN\Administrators" group and an explicit user mapping exists for that user, the explicit name mapping takes precedence.
  • The default value for this parameter is true.
  • Set parameter to false to disable mapping the Administrators group members to root.
set -privilege advanced
vserver cifs options modify -vserver vserver_name -is-admin-users-mapped-to-root-enabled false
set -privilege admin

 

Scan to view the article on your device