When a directory is dragged / dropped or moved, why are the access rights not inherited?

Applies to

• Data ONTAP 7
• ONTAP 9

Answer

• When the same directory is cut / pasted the access rights are not properly inherited.
• This behavior of permissions is EXPECTED in NTFS volumes due to the design of NTFS Access Control List (ACL)s.
• According to Microsoft's KB article: How permissions are handled when you copy and move files and folders, by default an object inherits permissions from its parent object, either at the time of creation or when it is copied or moved to its parent folder.
• The only exception to this rule occurs when you move an object to a different folder on the same volume. In this case, the original permissions are retained.
• NetApp's SMB server will act like a modern Windows SMB server with regards to inheritance.
• Test the same operation from the same client against a Windows SMB server configured in the same manner.
• If everything is identical, take packet traces against the "working" SMB server and against the NetApp SMB which is not behaving as expected.
• Record the following information:
  • Client ip
  • Server ip
  • Full path to the folder being copied to
  • File name being copied to the folder
  • Get the full output of the ACL's on the parent directory before moving file.
  • Note the exact time
  • Start the trace
  • disconnect the smb session
  • Reconnect to the share and perform the operation
  • Stop the packet trace
  • Get the full output of the ACL's on both the parent directory and on the file itself after the operation has completed

Additional Information

Related Microsoft KB Links:

• Inherited permissions are not automatically updated when you move folders
• HOW TO: Copy a Folder to Another Folder and Retain its Permissions
• How permissions are handled when you copy and move files and folders