Skip to main content
NetApp Knowledge Base

How to change security style of volume from UNIX to NTFS in ONTAP 9

Views:
8,194
Visibility:
Public
Votes:
2
Category:
ontap-9
Specialty:
nas
Last Updated:

Applies to

ONTAP 9

Description

This article includes instructions on modifying security style of existing volume/qtree and propagating NTFS permissions to sub-folders and files in  ONTAP 9

Procedure

  1. Modify security style of volume or qtree to NTFS:

::> volume modify -vserver vserver_name -volume -security-style ntfs

  •     After the security style has been change, the root of the volume will be updated
    Example

    Cluster::> vserver security file-directory show -vserver Vs1 -path  /vol1

                    Vserver: Vs1
                  File Path: /vol1
          File Inode Number: 96
             Security Style: ntfs
            Effective Style: ntfs
             DOS Attributes: 10
     DOS Attributes in Text: ----D---
    Expanded Dos Attributes: -
               UNIX User Id: 0
              UNIX Group Id: 0
             UNIX Mode Bits: 777
     UNIX Mode Bits in Text: rwxrwxrwx
                       ACLs: NTFS Security Descriptor
                             Control:0x8004
                             Owner:BUILTIN\Administrators
                             Group:BUILTIN\Administrators
                             DACL - ACEs
                               ALLOW-Everyone-0x1f01ff-(Inherited)
                               ALLOW-Everyone-0x10000000-OI|CI|IO (Inherited)

  • The only change made to any child object is the security style
    Example

    Cluster::> vserver security file-directory show -vserver Vs1 -path  /vol1/new.txt

                    Vserver: Vs1
                  File Path: /vol1/new.txt
          File Inode Number: 102
             Security Style: ntfs
            Effective Style: unix
             DOS Attributes: 20
     DOS Attributes in Text: ---A----
    Expanded Dos Attributes: -
               UNIX User Id: 0
              UNIX Group Id: 1
             UNIX Mode Bits: 777
     UNIX Mode Bits in Text: rwxrwxrwx
                       ACLs: -

  1. Perform below steps on windows end to propagate DACL information to sub-folders and files.
  • Access share from windows and navigate to Advanced option in security tab under properties
  • Click on "Change" next to Owner, select an appropriate user
  • Click on "Replace all child object permission entries with inheritable permission entries from this object" option and click Apply

Note: You can add/remove DACL on parent folder based on your requirement before clicking on above option.

clipboard_e24a4389b7b57c5c1cea300657c50907c.png

  • After this process finishes, all child objects will now show NTFS as the effective security style and will have the NTFS ACL applied
  • Until this process finishes, ONTAP will enforce UNIX permissions​​​​​​

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.