Why do NTFS ACLs take so long to apply across my directory structure?
Applies to
- ONTAP 9
- CIFS
Answer
- Permissions applied by a client machine across the SMBx protocol must first be read and then modified in separate SMBx calls.
- This process is basically serial at the client end, each file or directory being applied one by one instead of against multiple files or directories at the same time.
- As the number of files and directories increase, so too does the amount of time it takes to apply permission changes.
- When the number of files gets into the Millions application of the permissions may take days or even weeks.
- Short answer: the process will take as long as it takes.
Additional Information
- Some admins have inquired as to whether it would be faster to set the permissions from the Storage directly.
- The answer to that is “No, the application of the permissions will generally take the same amount of time even if ONTAP is performing the application of the permissions via ClI/API calls.”
- Furthermore, performing that level of permissions applications from ONTAP has much greater risk of causing issues, including perofrmance impacts and possibly panicking the Filer.
- NetApp Support does not recommend applying permissions from ONTAP except in circumstances where there is no other option, like when there are no valid permissions in the location.