Skip to main content
NetApp Knowledge Base

What is the impact of disabling the default UNIX user?

  1. Last updated
  2. Save as PDF
Views:
11
Visibility:
Public
Votes:
0
Category:
not set
Specialty:
not set
Last Updated:

Applies to

  • ONTAP 9
  • CIFS
  • UNIX security style

Answer

  • By default, CIFS/SMB uses the UNIX identity pcuser as a fallback for Windows users who do not have an explicit WIN-to-UNIX name mapping.
    • When access occurs through this fallback mechanism, file operations inherit the permissions of the pcuser account.
  • If the fallback is disabled by setting the default UNIX user to an empty string, any Windows user without a valid UNIX mapping will be denied access.
    • This configuration enhances security by enforcing strict identity mapping but may also disrupt access if mappings are incomplete or misconfigured.
  • Potential Risks:
    • Users currently relying on pcuser for access will be blocked.
    • Misconfigured LDAP or name mapping services may prevent legitimate users from connecting.
    • Guest or anonymous access will no longer function.
  • Best Practices:
    • Ensure LDAP and name mapping services are properly configured and tested.
    • Use 1:1 WIN-to-UNIX username mappings wherever possible.
    • Validate changes in a staging environment before applying them in production.
    • Monitor SECD logs and use diagnostic tools to identify and resolve access issues.

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.