Cannot edit SACLs for UNIX security style volumes
Applies to
- ONTAP 9
- Auditing
Issue
Regardless of the method used, SACL entries do not seem to be allowed on a volume.
Windows Explorer example:
We attempt to add the Active Directory user 'nas-user' to a UNIX security style volume labeled 'unix'. After creating the permission for 'nas-user', we click 'Apply'. Afterwards, we can see that 'nas-user' was removed from the permission entries.
ONTAP CLI example:
cluster1::vserver security file-directory> ntfs sacl show -vserver svm1_cluster1 -ntfs-sd unix-sd

Vserver: svm1_cluster1
NTFS Security Descriptor Name: unix-sd

Account Name     Access   Access         Apply To
                 Type     Rights
--------------   -------  -------        -----------
DEMO\nas-user    success  full-control   this-folder, sub-folders, files

cluster1::vserver security file-directory> policy show -vserver svm1_cluster1

Vserver          Policy Name
------------     --------------
svm1_cluster1    unix_test

cluster1::vserver security file-directory> task add -policy-name unix_test -path /unix/test -vserver svm1_cluster1 -security-type ntfs -ntfs-sd unix-sd
  (vserver security file-directory policy task add)

Error: command failed: Can't set ntfs security descriptor on a Unix File