Skip to main content
NetApp Response to Russia-Ukraine Cyber Threat
In response to the recent rise in cyber threat due to the Russian-Ukraine crisis, NetApp is actively monitoring the global security intelligence and updating our cybersecurity measures. We follow U.S. Federal Government guidance and remain on high alert. Customers are encouraged to monitor the Cybersecurity and Infrastructure Security (CISA) website for new information as it develops and remain on high alert.

NetApp KCS Award

NetApp Knowledge Base

What is the clustered Data ONTAP comparable setting to the 7G hidden option "cifs.ntfs_ignore_unix_security"

Views:
656
Visibility:
Public
Votes:
1
Category:
clustered-data-ontap-8
Specialty:
nas
Last Updated:

Applies to

Clustered Data ONTAP 8

Answer

What is the clustered Data ONTAP comparable setting to the 7G hidden option 'cifs.ntfs_ignore_unix_security_ops'?

For volumes with the NTFS security style, the UNIX-style permission bits are not used for controlling access to files. However, applications can still access the permission bits via NFS. Attempt to modify the permission bits on such a volume may result in an error being returned to the application, which may cause the application to error out.

Example:

Programs running on Linux 2.6+ distribution, for example vi, may open a swapfile when editing or creating new files and then change the mode bits on the swapfile to 600. When this setattr fails, it displays an error.
E325: ATTENTION
Found a swap file by the name ".new_file.txt.swp"
owned by: gen_user dated: Thu May 1 05:24:48 2008
[cannot be read]
While opening file "new_file.txt" dated: Thu May 1 05:24:48 2008


The cifs.ntfs_ignore_unix_security_ops hidden option can be set to allow the vi operation to work without error in this scenario. In clustered Data ONTAP, the failure behavior can be overridden on either an entire vserver or a single volume. To override this for an entire vserver, set the ntfs-unix-security-ops field to ignore in the vserver nfs settings of the vserver. To override the failure behavior on a single volume, set the ntfs-unix-security-ops to ignore inside the export-policy rule that is exporting the volume.

Additional Information

Related links:

  • BUG 185406 - Require support of the "cifs.ntfs_ignore_unix_security_ops" option
  • BUG 57350 - UNIX clients mounting an ntfs-style qtree complain about being unable to set permissions

 

Scan to view the article on your device