Skip to main content
NetApp Knowledge Base

Cannot edit SACLs for UNIX security style volumes

Last Updated:

Applies to

  • ONTAP 9
  • Auditing


Regardless of method used, SACL entries do not seem to be allowed on a volume.

Windows explorer example:

We attempt to add Active Directory user 'nas-user' to a Unix-style security volume labeled 'unix'. After creating the permission for 'nas-user' we click 'apply'. Afterwards, we can see that 'nas-user' was removed from the permission entries.

Cannot edit SACLs for UNIX security style volumes

Cannot edit SACLs for UNIX security style volumes

ONTAP CLI example:

cluster1::vserver security file-directory> ntfs sacl show -vserver svm1_cluster1 -ntfs-sd unix-sd 
Vserver: svm1_cluster1
NTFS Security Descriptor Name: unix-sd

    Account Name     Access   Access             Apply To
                     Type     Rights
    --------------   -------  -------            -----------
    DEMO\nas-user    success  full-control      this-folder, sub-folders, files

cluster1::vserver security file-directory> policy show -vserver svm1_cluster1   

    Vserver          Policy Name
    ------------     --------------
    svm1_cluster1    unix_test

cluster1::vserver security file-directory> task add -policy-name unix_test -path /unix/test -vserver svm1_cluster1 -security-type ntfs -ntfs-sd unix-sd
  (vserver security file-directory policy task add)

Error: command failed: Can't set ntfs security descriptor on a Unix File


Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.